diff options
| author | markm <markm@FreeBSD.org> | 2003-01-28 22:58:14 +0000 |
|---|---|---|
| committer | markm <markm@FreeBSD.org> | 2003-01-28 22:58:14 +0000 |
| commit | ecacd12edb99d739f012912174233320c5f8262f (patch) | |
| tree | b81a83b72c76fb8541cf06d3e99d92f1c0fc0888 /secure/lib | |
| parent | b159341ed957acbcab2f9bdd46c0b82ecd2e7864 (diff) | |
| download | FreeBSD-src-ecacd12edb99d739f012912174233320c5f8262f.zip FreeBSD-src-ecacd12edb99d739f012912174233320c5f8262f.tar.gz | |
Update for OpenSSL 0.9.7. No assembler code at the moment. This
will follow.
Diffstat (limited to 'secure/lib')
272 files changed, 11093 insertions, 12639 deletions
diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile index 6da25cb..933da6a 100644 --- a/secure/lib/libcrypto/Makefile +++ b/secure/lib/libcrypto/Makefile @@ -1,144 +1,115 @@ # $FreeBSD$ -.include "Makefile.inc" - -.PATH: ${LCRYPTO_SRC} ${LCRYPTO_SRC}/asn1 ${LCRYPTO_SRC}/bf \ - ${LCRYPTO_SRC}/bio ${LCRYPTO_SRC}/bn ${LCRYPTO_SRC}/buffer \ - ${LCRYPTO_SRC}/cast ${LCRYPTO_SRC}/comp ${LCRYPTO_SRC}/conf \ - ${LCRYPTO_SRC}/des ${LCRYPTO_SRC}/dh ${LCRYPTO_SRC}/dsa \ - ${LCRYPTO_SRC}/dso ${LCRYPTO_SRC}/err ${LCRYPTO_SRC}/evp \ - ${LCRYPTO_SRC}/hmac ${LCRYPTO_SRC}/lhash ${LCRYPTO_SRC}/md2 \ - ${LCRYPTO_SRC}/md4 ${LCRYPTO_SRC}/md5 ${LCRYPTO_SRC}/mdc2 \ - ${LCRYPTO_SRC}/objects ${LCRYPTO_SRC}/pem ${LCRYPTO_SRC}/pkcs7 \ - ${LCRYPTO_SRC}/pkcs12 ${LCRYPTO_SRC}/rand ${LCRYPTO_SRC}/rc2 \ - ${LCRYPTO_SRC}/rc4 ${LCRYPTO_SRC}/rc5 ${LCRYPTO_SRC}/ripemd \ - ${LCRYPTO_SRC}/rsa ${LCRYPTO_SRC}/../rsaref ${LCRYPTO_SRC}/sha \ - ${LCRYPTO_SRC}/stack ${LCRYPTO_SRC}/txt_db ${LCRYPTO_SRC}/x509 \ - ${LCRYPTO_SRC}/x509v3 ${.CURDIR}/man - -.if ${MACHINE_ARCH} == "i386" -.PATH: ${.CURDIR}/i386 -.endif - -.if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES -.PATH: ${LCRYPTO_SRC}/idea -.endif - LIB= crypto -SHLIB_MAJOR= 2 +SHLIB_MAJOR= 3 NOLINT= true +.include "Makefile.inc" + # base sources -SRCS+= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_dbg.c \ - tmdiff.c uid.c +SRCS+= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_clr.c \ + mem_dbg.c o_time.c tmdiff.c uid.c + +# aes +SRCS+= aes_cbc.c aes_cfb.c aes_core.c aes_ctr.c aes_ecb.c aes_misc.c aes_ofb.c # asn1 -SRCS+= a_bitstr.c a_bmp.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c \ +SRCS+= a_bitstr.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c \ a_dup.c a_enum.c a_gentm.c a_hdr.c a_i2d_fp.c a_int.c \ - a_mbstr.c a_meth.c a_null.c a_object.c a_octet.c a_print.c \ + a_mbstr.c a_meth.c a_object.c a_octet.c a_print.c \ a_set.c a_sign.c a_strex.c a_strnid.c a_time.c a_type.c \ - a_utctm.c a_utf8.c a_verify.c a_vis.c asn1_err.c asn1_lib.c \ - asn1_par.c asn_pack.c d2i_dhp.c d2i_dsap.c d2i_pr.c d2i_pu.c \ - d2i_r_pr.c d2i_r_pu.c d2i_s_pr.c d2i_s_pu.c evp_asn1.c \ - f_enum.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c i2d_pr.c \ - i2d_pu.c i2d_r_pr.c i2d_r_pu.c i2d_s_pr.c i2d_s_pu.c n_pkey.c \ - nsseq.c p5_pbe.c p5_pbev2.c p7_dgst.c p7_enc.c p7_enc_c.c \ - p7_evp.c p7_i_s.c p7_lib.c p7_recip.c p7_s_e.c p7_signd.c \ - p7_signi.c p8_pkey.c t_bitst.c t_crl.c t_pkey.c t_req.c \ - t_spki.c t_x509.c t_x509a.c x_algor.c x_attrib.c x_cinf.c \ - x_crl.c x_exten.c x_info.c x_name.c x_pkey.c x_pubkey.c \ + a_utctm.c a_utf8.c a_verify.c asn1_err.c asn1_lib.c \ + asn1_par.c asn_moid.c asn_pack.c d2i_pr.c d2i_pu.c \ + evp_asn1.c f_enum.c f_int.c f_string.c i2d_pr.c i2d_pu.c \ + n_pkey.c nsseq.c p5_pbe.c p5_pbev2.c p8_pkey.c t_bitst.c \ + t_crl.c t_pkey.c t_req.c t_spki.c t_x509.c t_x509a.c \ + tasn_dec.c tasn_enc.c tasn_fre.c tasn_new.c tasn_typ.c \ + tasn_utl.c x_algor.c x_attrib.c x_bignum.c x_crl.c \ + x_exten.c x_info.c x_long.c x_name.c x_pkey.c x_pubkey.c \ x_req.c x_sig.c x_spki.c x_val.c x_x509.c x_x509a.c -# blowfish -SRCS+= bf_cfb64.c bf_ecb.c bf_ofb64.c bf_skey.c -.if ${MACHINE_ARCH} == "i386" -.if ${MACHINE_CPU:Mi686} -SRCS+= bf-686.s -.else -SRCS+= bf-586.s -.endif -.else -SRCS+= bf_enc.c -.endif +# bf +SRCS+= bf_cfb64.c bf_ecb.c bf_enc.c bf_ofb64.c bf_skey.c # bio -SRCS+= b_dump.c b_print.c b_sock.c bf_buff.c bf_nbio.c bf_null.c \ - bio_cb.c bio_err.c bio_lib.c bss_acpt.c bss_bio.c bss_conn.c \ - bss_fd.c bss_file.c bss_log.c bss_mem.c bss_null.c bss_sock.c +SRCS+= b_dump.c b_print.c b_sock.c bf_buff.c bf_lbuf.c bf_nbio.c \ + bf_null.c bio_cb.c bio_err.c bio_lib.c bss_acpt.c bss_bio.c \ + bss_conn.c bss_fd.c bss_file.c bss_log.c bss_mem.c \ + bss_null.c bss_sock.c # bn - -SRCS+= bn_add.c bn_blind.c bn_ctx.c bn_div.c bn_err.c \ - bn_exp.c bn_exp2.c bn_gcd.c bn_lib.c bn_mont.c bn_mpi.c \ - bn_mul.c bn_prime.c bn_print.c bn_rand.c bn_recp.c bn_shift.c \ - bn_sqr.c bn_word.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= bn-586.s co-586.s -.else -SRCS+= bn_asm.c -.endif +SRCS+= bn_add.c bn_asm.c bn_blind.c bn_ctx.c bn_div.c bn_err.c bn_exp.c \ + bn_exp2.c bn_gcd.c bn_kron.c bn_lib.c bn_mod.c bn_mont.c \ + bn_mpi.c bn_mul.c bn_prime.c bn_print.c bn_rand.c bn_recp.c \ + bn_shift.c bn_sqr.c bn_sqrt.c bn_word.c # buffer -SRCS+= buf_err.c buffer.c +SRCS+= buf_err.c buffer.c # cast -SRCS+= c_cfb64.c c_ecb.c c_ofb64.c c_skey.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= cast-586.s -.else -SRCS+= c_enc.c -.endif +SRCS+= c_cfb64.c c_ecb.c c_enc.c c_ofb64.c c_skey.c # comp -SRCS+= c_rle.c c_zlib.c comp_lib.c +SRCS+= c_rle.c c_zlib.c comp_err.c comp_lib.c # conf -SRCS+= conf_api.c conf_def.c conf_err.c conf_lib.c +SRCS+= conf_api.c conf_def.c conf_err.c conf_lib.c conf_mall.c conf_mod.c conf_sap.c # des -SRCS+= cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \ - ecb3_enc.c ecb_enc.c ede_cbcm_enc.c enc_read.c enc_writ.c \ - fcrypt.c ofb64ede.c ofb64enc.c ofb_enc.c pcbc_enc.c \ - qud_cksm.c rand_key.c read2pwd.c read_pwd.c rpc_enc.c \ - set_key.c str2key.c xcbc_enc.c rnd_keys.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= des-586.s crypt586.s -.else -SRCS+= des_enc.c fcrypt_b.c -.endif +SRCS+= cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \ + des_enc.c des_old.c des_old2.c ecb3_enc.c ecb_enc.c ede_cbcm_enc.c \ + enc_read.c enc_writ.c fcrypt.c fcrypt_b.c ofb64ede.c ofb64enc.c \ + ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read2pwd.c rnd_keys.c \ + rpc_enc.c set_key.c str2key.c xcbc_enc.c # dh -SRCS+= dh_check.c dh_err.c dh_gen.c dh_key.c dh_lib.c +SRCS+= dh_asn1.c dh_check.c dh_err.c dh_gen.c dh_key.c dh_lib.c -# dsa -SRCS+= dsa_asn1.c dsa_err.c dsa_gen.c dsa_key.c dsa_lib.c dsa_ossl.c \ - dsa_sign.c dsa_vrf.c +# dsa +SRCS+= dsa_asn1.c dsa_err.c dsa_gen.c dsa_key.c dsa_lib.c dsa_ossl.c dsa_sign.c dsa_vrf.c # dso -SRCS+= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \ - dso_openssl.c +SRCS+= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c dso_openssl.c + +# ec +SRCS+= ec_cvt.c ec_err.c ec_lib.c ec_mult.c ecp_mont.c ecp_nist.c \ + ecp_recp.c ecp_smpl.c + +# engine +SRCS+= eng_all.c eng_cnf.c eng_ctrl.c eng_dyn.c eng_err.c eng_fat.c \ + eng_init.c eng_lib.c eng_list.c eng_openssl.c eng_pkey.c \ + eng_table.c hw_4758_cca.c hw_4758_cca_err.c hw_aep.c hw_aep_err.c \ + hw_atalla.c hw_atalla_err.c hw_cryptodev.c hw_cswift.c \ + hw_cswift_err.c hw_ncipher.c hw_ncipher_err.c hw_nuron.c \ + hw_nuron_err.c hw_sureware.c hw_sureware_err.c hw_ubsec.c \ + hw_ubsec_err.c tb_cipher.c tb_dh.c tb_digest.c tb_dsa.c tb_rand.c \ + tb_rsa.c # err SRCS+= err.c err_all.c err_prn.c # evp SRCS+= bio_b64.c bio_enc.c bio_md.c bio_ok.c c_all.c c_allc.c c_alld.c \ - digest.c e_bf.c e_cast.c e_des.c e_des3.c e_idea.c e_null.c \ - e_rc2.c e_rc4.c e_rc5.c e_xcbc_d.c encode.c evp_enc.c \ - evp_err.c evp_key.c evp_lib.c evp_pbe.c evp_pkey.c m_dss.c \ - m_dss1.c m_md2.c m_md4.c m_md5.c m_mdc2.c m_null.c m_ripemd.c \ - m_sha.c m_sha1.c names.c p5_crpt.c p5_crpt2.c p_dec.c p_enc.c \ - p_lib.c p_open.c p_seal.c p_sign.c p_verify.c + digest.c e_aes.c e_bf.c e_cast.c e_des.c e_des3.c e_idea.c \ + e_null.c e_rc2.c e_rc4.c e_rc5.c e_xcbc_d.c encode.c evp_acnf.c \ + evp_enc.c evp_err.c evp_key.c evp_lib.c evp_pbe.c evp_pkey.c \ + m_dss.c m_dss1.c m_md2.c m_md4.c m_md5.c m_mdc2.c m_null.c \ + m_ripemd.c m_sha.c m_sha1.c names.c openbsd_hw.c p5_crpt.c \ + p5_crpt2.c p_dec.c p_enc.c p_lib.c p_open.c p_seal.c p_sign.c \ + p_verify.c # hmac SRCS+= hmac.c # idea .if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES -SRCS+= i_ecb.c i_cbc.c i_cfb64.c i_ofb64.c i_skey.c +SRCS+= i_cbc.c i_cfb64.c i_ecb.c i_ofb64.c i_skey.c .endif +# krb5 +#SRCS+= krb5_asn.c + # lhash SRCS+= lh_stats.c lhash.c @@ -150,233 +121,169 @@ SRCS+= md4_dgst.c md4_one.c # md5 SRCS+= md5_dgst.c md5_one.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= md5-586.s -.endif # mdc2 -SRCS+= mdc2dgst.c mdc2_one.c +SRCS+= mdc2_one.c mdc2dgst.c # objects SRCS+= o_names.c obj_dat.c obj_err.c obj_lib.c -# pem -SRCS+= pem_all.c pem_err.c pem_info.c pem_lib.c pem_seal.c pem_sign.c +# ocsp +SRCS+= ocsp_asn.c ocsp_cl.c ocsp_err.c ocsp_ext.c ocsp_ht.c \ + ocsp_lib.c ocsp_prn.c ocsp_srv.c ocsp_vfy.c -# pkcs7 -SRCS+= pk7_attr.c pk7_doit.c pk7_lib.c pk7_mime.c pk7_smime.c pkcs7err.c +# pem +SRCS+= pem_all.c pem_err.c pem_info.c pem_lib.c pem_oth.c pem_pk8.c \ + pem_pkey.c pem_seal.c pem_sign.c pem_x509.c pem_xaux.c # pkcs12 -SRCS+= p12_add.c p12_attr.c p12_bags.c p12_crpt.c p12_crt.c p12_decr.c \ - p12_init.c p12_key.c p12_kiss.c p12_lib.c p12_mac.c p12_mutl.c \ - p12_npas.c p12_sbag.c p12_utl.c pk12err.c +SRCS+= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c \ + p12_decr.c p12_init.c p12_key.c p12_kiss.c p12_mutl.c \ + p12_npas.c p12_p8d.c p12_p8e.c p12_utl.c pk12err.c + +# pkcs7 +SRCS+= example.c pk7_asn1.c pk7_attr.c pk7_dgst.c pk7_doit.c \ + pk7_lib.c pk7_mime.c pk7_smime.c pkcs7err.c # rand -SRCS+= md_rand.c rand_egd.c rand_err.c rand_lib.c rand_win.c randfile.c +SRCS+= md_rand.c rand_egd.c rand_err.c rand_lib.c rand_unix.c randfile.c # rc2 -SRCS+= rc2_cbc.c rc2cfb64.c rc2_ecb.c rc2ofb64.c rc2_skey.c +SRCS+= rc2_cbc.c rc2_ecb.c rc2_skey.c rc2cfb64.c rc2ofb64.c # rc4 -SRCS+= rc4_skey.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= rc4-586.s -.else -SRCS+= rc4_enc.c -.endif +SRCS+= rc4_enc.c rc4_skey.c # rc5 -SRCS+= rc5cfb64.c rc5_ecb.c rc5ofb64.c rc5_skey.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= rc5-586.s -.else -SRCS+= rc5_enc.c -.endif +SRCS+= rc5_ecb.c rc5_enc.c rc5_skey.c rc5cfb64.c rc5ofb64.c # ripemd SRCS+= rmd_dgst.c rmd_one.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= rmd-586.s -.endif # rsa -.if defined(WITH_RSA) && ${WITH_RSA} == YES -SRCS+= rsa_chk.c rsa_eay.c rsa_err.c rsa_gen.c rsa_lib.c rsa_none.c \ - rsa_null.c rsa_oaep.c rsa_pk1.c rsa_saos.c rsa_sign.c rsa_ssl.c -.endif +SRCS+= rsa_asn1.c rsa_chk.c rsa_eay.c rsa_err.c rsa_gen.c rsa_lib.c \ + rsa_none.c rsa_null.c rsa_oaep.c rsa_pk1.c rsa_saos.c \ + rsa_sign.c rsa_ssl.c # sha -SRCS+= sha_dgst.c sha_one.c sha1_one.c sha1dgst.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= sha1-586.s -.endif +SRCS+= sha1_one.c sha1dgst.c sha_dgst.c sha_one.c # stack SRCS+= stack.c +# threads +SRCS+= th-lock.c + # txt_db SRCS+= txt_db.c -# x509 -SRCS+= by_dir.c by_file.c x509_att.c x509_cmp.c x509_d2.c x509_def.c \ - x509_err.c x509_ext.c x509_lu.c x509_obj.c x509_r2x.c \ - x509_req.c x509_set.c x509_trs.c x509_txt.c x509_v3.c \ - x509_vfy.c x509name.c x509rset.c x509spki.c x509type.c x_all.c -# x509v3 -SRCS+= v3_akey.c v3_alt.c v3_bcons.c v3_bitst.c v3_conf.c v3_cpols.c \ - v3_crld.c v3_enum.c v3_extku.c v3_genn.c v3_ia5.c v3_info.c \ - v3_int.c v3_lib.c v3_pku.c v3_prn.c v3_purp.c v3_skey.c \ - v3_sxnet.c v3_utl.c v3err.c - -POD1+= apps/CA.pl.pod apps/asn1parse.pod apps/ca.pod \ - apps/ciphers.pod apps/crl.pod \ - apps/crl2pkcs7.pod apps/dgst.pod apps/dhparam.pod apps/dsa.pod \ - apps/dsaparam.pod apps/enc.pod apps/gendsa.pod apps/genrsa.pod \ - apps/nseq.pod apps/openssl.pod apps/passwd.pod apps/pkcs12.pod \ - apps/pkcs7.pod apps/pkcs8.pod apps/rand.pod apps/req.pod \ - apps/rsa.pod apps/rsautl.pod apps/s_client.pod \ - apps/s_server.pod apps/sess_id.pod apps/smime.pod \ - apps/speed.pod apps/spkac.pod apps/verify.pod apps/version.pod \ - apps/x509.pod - -POD3+= crypto/BIO_ctrl.pod crypto/BIO_f_base64.pod \ - crypto/BIO_f_buffer.pod crypto/BIO_f_cipher.pod \ - crypto/BIO_f_md.pod crypto/BIO_f_null.pod crypto/BIO_f_ssl.pod \ - crypto/BIO_find_type.pod crypto/BIO_new.pod \ - crypto/BIO_new_bio_pair.pod crypto/BIO_push.pod \ - crypto/BIO_read.pod crypto/BIO_s_accept.pod \ - crypto/BIO_s_bio.pod crypto/BIO_s_connect.pod \ - crypto/BIO_s_fd.pod crypto/BIO_s_file.pod crypto/BIO_s_mem.pod \ - crypto/BIO_s_null.pod crypto/BIO_s_socket.pod \ - crypto/BIO_set_callback.pod crypto/BIO_should_retry.pod \ - crypto/BN_CTX_new.pod crypto/BN_CTX_start.pod \ - crypto/BN_add.pod crypto/BN_add_word.pod crypto/BN_bn2bin.pod \ - crypto/BN_cmp.pod crypto/BN_copy.pod \ - crypto/BN_generate_prime.pod crypto/BN_mod_inverse.pod \ - crypto/BN_mod_mul_montgomery.pod \ - crypto/BN_mod_mul_reciprocal.pod crypto/BN_new.pod \ - crypto/BN_num_bytes.pod crypto/BN_rand.pod \ - crypto/BN_set_bit.pod crypto/BN_zero.pod \ - crypto/CRYPTO_set_ex_data.pod crypto/DH_generate_key.pod \ - crypto/DH_generate_parameters.pod \ - crypto/DH_get_ex_new_index.pod crypto/DH_new.pod \ - crypto/DH_set_method.pod crypto/DH_size.pod \ - crypto/DSA_SIG_new.pod crypto/DSA_do_sign.pod \ - crypto/DSA_dup_DH.pod crypto/DSA_generate_key.pod \ - crypto/DSA_generate_parameters.pod \ - crypto/DSA_get_ex_new_index.pod crypto/DSA_new.pod \ - crypto/DSA_set_method.pod crypto/DSA_sign.pod \ - crypto/DSA_size.pod crypto/ERR_GET_LIB.pod \ - crypto/ERR_clear_error.pod crypto/ERR_error_string.pod \ - crypto/ERR_get_error.pod crypto/ERR_load_crypto_strings.pod \ - crypto/ERR_load_strings.pod crypto/ERR_print_errors.pod \ - crypto/ERR_put_error.pod crypto/ERR_remove_state.pod \ - crypto/EVP_DigestInit.pod crypto/EVP_EncryptInit.pod \ - crypto/EVP_OpenInit.pod crypto/EVP_SealInit.pod \ - crypto/EVP_SignInit.pod crypto/EVP_VerifyInit.pod \ - crypto/OPENSSL_VERSION_NUMBER.pod \ - crypto/OpenSSL_add_all_algorithms.pod crypto/RAND_add.pod \ - crypto/RAND_bytes.pod crypto/RAND_cleanup.pod \ - crypto/RAND_egd.pod crypto/RAND_load_file.pod \ - crypto/RAND_set_rand_method.pod crypto/RSA_blinding_on.pod \ - crypto/RSA_check_key.pod crypto/RSA_generate_key.pod \ - crypto/RSA_get_ex_new_index.pod crypto/RSA_new.pod \ - crypto/RSA_padding_add_PKCS1_type_1.pod crypto/RSA_print.pod \ - crypto/RSA_private_encrypt.pod crypto/RSA_public_encrypt.pod \ - crypto/RSA_set_method.pod crypto/RSA_sign.pod \ - crypto/RSA_sign_ASN1_OCTET_STRING.pod crypto/RSA_size.pod \ - crypto/bio.pod crypto/blowfish.pod crypto/bn.pod \ - crypto/bn_internal.pod crypto/buffer.pod crypto/crypto.pod \ - crypto/d2i_DHparams.pod crypto/d2i_RSAPublicKey.pod \ - crypto/des.pod crypto/des_modes.pod crypto/dh.pod \ - crypto/dsa.pod crypto/err.pod crypto/evp.pod crypto/hmac.pod \ - crypto/lh_stats.pod crypto/lhash.pod crypto/md5.pod \ - crypto/mdc2.pod crypto/rand.pod crypto/rc4.pod \ - crypto/ripemd.pod crypto/rsa.pod crypto/sha.pod \ - crypto/threads.pod - -POD3+= ssl/SSL_CIPHER_get_name.pod \ - ssl/SSL_CTX_add_extra_chain_cert.pod \ - ssl/SSL_CTX_add_session.pod ssl/SSL_CTX_flush_sessions.pod \ - ssl/SSL_CTX_free.pod ssl/SSL_CTX_get_ex_new_index.pod \ - ssl/SSL_CTX_get_verify_mode.pod \ - ssl/SSL_CTX_load_verify_locations.pod ssl/SSL_CTX_new.pod \ - ssl/SSL_CTX_sess_set_cache_size.pod ssl/SSL_CTX_sess_set_get_cb.pod \ - ssl/SSL_CTX_sessions.pod ssl/SSL_CTX_set_cipher_list.pod \ - ssl/SSL_CTX_set_client_CA_list.pod \ - ssl/SSL_CTX_set_client_cert_cb.pod \ - ssl/SSL_CTX_set_default_passwd_cb.pod ssl/SSL_CTX_set_options.pod\ - ssl/SSL_CTX_set_session_cache_mode.pod \ - ssl/SSL_CTX_set_session_id_context.pod \ - ssl/SSL_CTX_set_ssl_version.pod \ - ssl/SSL_CTX_set_timeout.pod ssl/SSL_CTX_set_verify.pod \ - ssl/SSL_CTX_use_certificate.pod ssl/SSL_SESSION_free.pod \ - ssl/SSL_SESSION_get_ex_new_index.pod \ - ssl/SSL_SESSION_get_time.pod \ - ssl/SSL_accept.pod ssl/SSL_clear.pod ssl/SSL_connect.pod \ - ssl/SSL_do_handshake.pod \ - ssl/SSL_free.pod ssl/SSL_get_ciphers.pod \ - ssl/SSL_get_client_CA_list.pod ssl/SSL_get_current_cipher.pod \ - ssl/SSL_get_error.pod ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod \ - ssl/SSL_get_ex_new_index.pod ssl/SSL_get_fd.pod \ - ssl/SSL_get_peer_cert_chain.pod ssl/SSL_get_peer_certificate.pod \ - ssl/SSL_get_rbio.pod ssl/SSL_get_session.pod \ - ssl/SSL_get_verify_result.pod ssl/SSL_library_init.pod \ - ssl/SSL_load_client_CA_file.pod ssl/SSL_new.pod ssl/SSL_pending.pod \ - ssl/SSL_read.pod ssl/SSL_set_bio.pod ssl/SSL_set_fd.pod \ - ssl/SSL_set_session.pod ssl/SSL_set_verify_result.pod \ - ssl/SSL_shutdown.pod ssl/SSL_write.pod ssl/d2i_SSL_SESSION.pod \ - ssl/ssl.pod ssl/SSL_CTX_sess_number.pod ssl/SSL_CTX_set_mode.pod \ - ssl/SSL_get_version.pod ssl/SSL_set_connect_state.pod \ - ssl/SSL_set_shutdown.pod ssl/SSL_alert_type_string.pod \ - ssl/SSL_COMP_add_compression_method.pod ssl/SSL_CTX_ctrl.pod \ - ssl/SSL_CTX_set_cert_store.pod \ - ssl/SSL_CTX_set_cert_verify_callback.pod \ - ssl/SSL_CTX_set_info_callback.pod ssl/SSL_CTX_set_quiet_shutdown.pod \ - ssl/SSL_CTX_set_tmp_dh_callback.pod \ - ssl/SSL_CTX_set_tmp_rsa_callback.pod ssl/SSL_get_default_timeout.pod \ - ssl/SSL_get_SSL_CTX.pod ssl/SSL_rstate_string.pod \ - ssl/SSL_session_reused.pod ssl/SSL_state_string.pod \ - ssl/SSL_want.pod - -POD5+= apps/config.pod - -.if defined(WANT_OPENSSL_MANPAGES) -.for section in 1 3 5 -.for pod in ${POD${section}} -.for target in ${pod:T:S/.pod/.${section}/g} -MAN+= ${target} -.endfor -.endfor -.endfor -.endif +# ui +SRCS+= ui_compat.c ui_err.c ui_lib.c ui_openssl.c ui_util.c -MAN+= des_crypt.3 +# x509 +SRCS+= by_dir.c by_file.c x509_att.c x509_cmp.c x509_d2.c \ + x509_def.c x509_err.c x509_ext.c x509_lu.c x509_obj.c \ + x509_r2x.c x509_req.c x509_set.c x509_trs.c x509_txt.c \ + x509_v3.c x509_vfy.c x509cset.c x509name.c x509rset.c \ + x509spki.c x509type.c x_all.c -MLINKS= des_crypt.3 des_read_password.3 \ - des_crypt.3 des_read_2password.3 des_crypt.3 des_string_to_key.3 \ - des_crypt.3 des_string_to_2key.3 des_crypt.3 des_read_pw_string.3 \ - des_crypt.3 des_random_key.3 des_crypt.3 des_set_key.3 \ - des_crypt.3 des_key_sched.3 des_crypt.3 des_ecb_encrypt.3 \ - des_crypt.3 des_3ecb_encrypt.3 des_crypt.3 des_cbc_encrypt.3 \ - des_crypt.3 des_3cbc_encrypt.3 des_crypt.3 des_pcbc_encrypt.3 \ - des_crypt.3 des_cfb_encrypt.3 des_crypt.3 des_ofb_encrypt.3 \ - des_crypt.3 des_cbc_cksum.3 des_crypt.3 des_quad_cksum.3 \ - des_crypt.3 des_enc_read.3 des_crypt.3 des_enc_write.3 \ - des_crypt.3 des_set_odd_parity.3 des_crypt.3 des_is_weak_key.3 +# x509v3 +SRCS+= v3_akey.c v3_akeya.c v3_alt.c v3_bcons.c v3_bitst.c \ + v3_conf.c v3_cpols.c v3_crld.c v3_enum.c v3_extku.c \ + v3_genn.c v3_ia5.c v3_info.c v3_int.c v3_lib.c v3_ocsp.c \ + v3_pku.c v3_prn.c v3_purp.c v3_skey.c v3_sxnet.c v3_utl.c v3err.c + +MAN3= ASN1_OBJECT_new.3 ASN1_STRING_length.3 ASN1_STRING_new.3 \ + ASN1_STRING_print_ex.3 BIO_ctrl.3 BIO_f_base64.3 BIO_f_buffer.3 \ + BIO_f_cipher.3 BIO_f_md.3 BIO_f_null.3 BIO_f_ssl.3 BIO_find_type.3 \ + BIO_new.3 BIO_push.3 BIO_read.3 BIO_s_accept.3 BIO_s_bio.3 \ + BIO_s_connect.3 BIO_s_fd.3 BIO_s_file.3 BIO_s_mem.3 BIO_s_null.3 \ + BIO_s_socket.3 BIO_set_callback.3 BIO_should_retry.3 BN_CTX_new.3 \ + BN_CTX_start.3 BN_add.3 BN_add_word.3 BN_bn2bin.3 BN_cmp.3 \ + BN_copy.3 BN_generate_prime.3 BN_mod_inverse.3 BN_mod_mul_montgomery.3 \ + BN_mod_mul_reciprocal.3 BN_new.3 BN_num_bytes.3 BN_rand.3 \ + BN_set_bit.3 BN_swap.3 BN_zero.3 CRYPTO_set_ex_data.3 \ + DH_generate_key.3 DH_generate_parameters.3 DH_get_ex_new_index.3 \ + DH_new.3 DH_set_method.3 DH_size.3 DSA_SIG_new.3 DSA_do_sign.3 \ + DSA_dup_DH.3 DSA_generate_key.3 DSA_generate_parameters.3 \ + DSA_get_ex_new_index.3 DSA_new.3 DSA_set_method.3 DSA_sign.3 \ + DSA_size.3 ERR_GET_LIB.3 ERR_clear_error.3 ERR_error_string.3 \ + ERR_get_error.3 ERR_load_crypto_strings.3 ERR_load_strings.3 \ + ERR_print_errors.3 ERR_put_error.3 ERR_remove_state.3 \ + EVP_BytesToKey.3 EVP_DigestInit.3 EVP_EncryptInit.3 EVP_OpenInit.3 \ + EVP_PKEY_new.3 EVP_PKEY_set1_RSA.3 EVP_SealInit.3 EVP_SignInit.3 \ + EVP_VerifyInit.3 OBJ_nid2obj.3 OPENSSL_VERSION_NUMBER.3 \ + OpenSSL_add_all_algorithms.3 PKCS12_create.3 PKCS12_parse.3 \ + PKCS7_decrypt.3 PKCS7_encrypt.3 PKCS7_sign.3 PKCS7_verify.3 \ + RAND_add.3 RAND_bytes.3 RAND_cleanup.3 RAND_egd.3 RAND_load_file.3 \ + RAND_set_rand_method.3 RSA_blinding_on.3 RSA_check_key.3 \ + RSA_generate_key.3 RSA_get_ex_new_index.3 RSA_new.3 \ + RSA_padding_add_PKCS1_type_1.3 RSA_print.3 RSA_private_encrypt.3 \ + RSA_public_encrypt.3 RSA_set_method.3 RSA_sign.3 \ + RSA_sign_ASN1_OCTET_STRING.3 RSA_size.3 SMIME_read_PKCS7.3 \ + SMIME_write_PKCS7.3 X509_NAME_ENTRY_get_object.3 \ + X509_NAME_add_entry_by_txt.3 X509_NAME_get_index_by_NID.3 \ + X509_NAME_print_ex.3 X509_new.3 bio.3 blowfish.3 bn.3 bn_internal.3 \ + buffer.3 crypto.3 d2i_ASN1_OBJECT.3 d2i_DHparams.3 d2i_DSAPublicKey.3 \ + d2i_PKCS8PrivateKey.3 d2i_RSAPublicKey.3 d2i_X509.3 d2i_X509_ALGOR.3 \ + d2i_X509_CRL.3 d2i_X509_NAME.3 d2i_X509_REQ.3 d2i_X509_SIG.3 \ + des.3 des_modes.3 dh.3 dsa.3 engine.3 err.3 evp.3 hmac.3 \ + lh_stats.3 lhash.3 md5.3 mdc2.3 pem.3 rand.3 rc4.3 ripemd.3 \ + rsa.3 sha.3 threads.3 ui.3 ui_compat.3 INCS= ${HDRS} openssl/evp.h openssl/opensslconf.h INCSDIR= ${INCLUDEDIR}/openssl -INCSLINKS= openssl/des.h ${INCLUDEDIR}/des.h -afterinstall: -.if !defined(NOPIC) -SYMLINKS+= lib${LIB}.so.${SHLIB_MAJOR} ${LIBDIR}/libdes.so.3 -SYMLINKS+= lib${LIB}.so.${SHLIB_MAJOR} ${LIBDIR}/libdes.so -.endif -SYMLINKS+= lib${LIB}.a ${LIBDIR}/libdes.a -.if !defined(NOPROFILE) -SYMLINKS+= lib${LIB}_p.a ${LIBDIR}/libdes_p.a +.include <bsd.lib.mk> + +.if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES +_ideapath= ${LCRYPTO_SRC}/crypto/idea .endif -.include <bsd.lib.mk> +.PATH: \ + ${LCRYPTO_SRC}/crypto \ + ${LCRYPTO_SRC}/crypto/aes \ + ${LCRYPTO_SRC}/crypto/asn1 \ + ${LCRYPTO_SRC}/crypto/bf \ + ${LCRYPTO_SRC}/crypto/bio \ + ${LCRYPTO_SRC}/crypto/bn \ + ${LCRYPTO_SRC}/crypto/buffer \ + ${LCRYPTO_SRC}/crypto/cast \ + ${LCRYPTO_SRC}/crypto/comp \ + ${LCRYPTO_SRC}/crypto/conf \ + ${LCRYPTO_SRC}/crypto/des \ + ${LCRYPTO_SRC}/crypto/dh \ + ${LCRYPTO_SRC}/crypto/dsa \ + ${LCRYPTO_SRC}/crypto/dso \ + ${LCRYPTO_SRC}/crypto/ec \ + ${LCRYPTO_SRC}/crypto/engine \ + ${LCRYPTO_SRC}/crypto/err \ + ${LCRYPTO_SRC}/crypto/evp \ + ${LCRYPTO_SRC}/crypto/hmac \ + ${_ideapath} \ + ${LCRYPTO_SRC}/crypto/krb5 \ + ${LCRYPTO_SRC}/crypto/lhash \ + ${LCRYPTO_SRC}/crypto/md2 \ + ${LCRYPTO_SRC}/crypto/md4 \ + ${LCRYPTO_SRC}/crypto/md5 \ + ${LCRYPTO_SRC}/crypto/mdc2 \ + ${LCRYPTO_SRC}/crypto/objects \ + ${LCRYPTO_SRC}/crypto/ocsp \ + ${LCRYPTO_SRC}/crypto/pem \ + ${LCRYPTO_SRC}/crypto/pkcs12 \ + ${LCRYPTO_SRC}/crypto/pkcs7 \ + ${LCRYPTO_SRC}/crypto/rand \ + ${LCRYPTO_SRC}/crypto/rc2 \ + ${LCRYPTO_SRC}/crypto/rc4 \ + ${LCRYPTO_SRC}/crypto/rc5 \ + ${LCRYPTO_SRC}/crypto/ripemd \ + ${LCRYPTO_SRC}/crypto/rsa \ + ${LCRYPTO_SRC}/crypto/sha \ + ${LCRYPTO_SRC}/crypto/stack \ + ${LCRYPTO_SRC}/crypto/threads \ + ${LCRYPTO_SRC}/crypto/txt_db \ + ${LCRYPTO_SRC}/crypto/ui \ + ${LCRYPTO_SRC}/crypto/x509 \ + ${LCRYPTO_SRC}/crypto/x509v3 \ + ${LCRYPTO_SRC} \ + ${.CURDIR}/man diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc index 5891d3a..97d97e4 100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@ -1,33 +1,71 @@ # $FreeBSD$ -LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl/crypto -CFLAGS+= -DTERMIOS -DANSI_SOURCE -I${LCRYPTO_SRC} -I${.OBJDIR} +LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl +LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc + +CFLAGS+= -DTERMIOS -DANSI_SOURCE -DOPENSSL_NO_KRB5 +CFLAGS+= -I${LCRYPTO_SRC} -I${LCRYPTO_SRC}/crypto -I${.OBJDIR} + .if !defined(MAKE_IDEA) || ${MAKE_IDEA} != YES -CFLAGS+= -DNO_IDEA +CFLAGS+= -DNO_IDEA +.else +_idea_h= idea/idea.h .endif .if ${MACHINE_ARCH} == "i386" -CFLAGS+= -DL_ENDIAN -DSHA1_ASM -DBN_ASM -DMD5_ASM -DRMD160_ASM +CFLAGS+= -DL_ENDIAN .elif ${MACHINE_ARCH} == "alpha" # no ENDIAN stuff defined for alpha (64-bit) .endif -WITH_RSA?= YES - -HDRS+= asn1/asn1.h asn1/asn1_mac.h bio/bio.h bf/blowfish.h bn/bn.h \ - buffer/buffer.h cast/cast.h comp/comp.h conf/conf.h crypto.h \ - des/des.h dh/dh.h dsa/dsa.h ../e_os.h ../e_os2.h ebcdic.h \ - err/err.h hmac/hmac.h lhash/lhash.h md2/md2.h \ - md5/md5.h mdc2/mdc2.h objects/objects.h opensslv.h pem/pem.h \ - pem/pem2.h pkcs12/pkcs12.h pkcs7/pkcs7.h rand/rand.h rc2/rc2.h \ - rc4/rc4.h rc5/rc5.h ripemd/ripemd.h rsa/rsa.h stack/safestack.h \ - sha/sha.h stack/stack.h tmdiff.h txt_db/txt_db.h x509/x509.h \ - x509/x509_vfy.h x509v3/x509v3.h symhacks.h objects/obj_mac.h \ - md4/md4.h dso/dso.h conf/conf_api.h - -.if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES -HDRS+= idea/idea.h -.endif +HDRS+= \ + ../e_os.h ../e_os2.h \ + crypto.h \ + ebcdic.h \ + opensslv.h \ + ossl_typ.h \ + symhacks.h \ + tmdiff.h \ + aes/aes.h aes/aes_locl.h \ + asn1/asn1.h asn1/asn1_mac.h asn1/asn1t.h \ + bio/bio.h \ + bf/blowfish.h \ + bn/bn.h \ + buffer/buffer.h \ + cast/cast.h \ + comp/comp.h \ + conf/conf.h conf/conf_api.h \ + des/des.h des/des_old.h \ + dh/dh.h \ + dsa/dsa.h \ + dso/dso.h \ + ec/ec.h \ + engine/eng_int.h engine/engine.h engine/hw_4758_cca_err.h \ + engine/hw_aep_err.h engine/hw_atalla_err.h engine/hw_cswift_err.h \ + engine/hw_ncipher_err.h engine/hw_nuron_err.h engine/hw_sureware_err.h \ + engine/hw_ubsec_err.h \ + err/err.h \ + hmac/hmac.h \ + ${_idea_h} \ + krb5/krb5_asn.h \ + lhash/lhash.h \ + md2/md2.h \ + md4/md4.h \ + md5/md5.h \ + mdc2/mdc2.h \ + ocsp/ocsp.h \ + objects/objects.h objects/obj_mac.h \ + pem/pem.h pem/pem2.h \ + pkcs12/pkcs12.h pkcs7/pkcs7.h \ + rand/rand.h \ + rc2/rc2.h rc4/rc4.h rc5/rc5.h \ + ripemd/ripemd.h \ + rsa/rsa.h \ + stack/stack.h stack/safestack.h \ + sha/sha.h \ + txt_db/txt_db.h \ + ui/ui.h ui/ui_compat.h ui/ui_locl.h \ + x509/x509.h x509/x509_vfy.h x509v3/x509v3.h SRCS+= buildinf.h openssl/opensslconf.h openssl/evp.h CLEANFILES+= buildinf.h openssl/opensslconf.h openssl/evp.h @@ -41,11 +79,11 @@ buildinf.h: echo " #define DATE \"`LC_ALL=C date`\""; \ echo "#endif" ) > ${.TARGET} -openssl/opensslconf.h: ../libcrypto/opensslconf-${MACHINE_ARCH}.h +openssl/opensslconf.h: ../../lib/libcrypto/opensslconf-${MACHINE_ARCH}.h mkdir -p openssl cp ${.OODATE} ${.TARGET} -openssl/evp.h: ${LCRYPTO_SRC}/evp/evp.h +openssl/evp.h: ${LCRYPTO_SRC}/crypto/evp/evp.h mkdir -p openssl .if !defined(MAKE_IDEA) || ${MAKE_IDEA} != YES sed '/^#ifndef NO_IDEA$$/,/^#endif$$/d' ${.OODATE} > ${.TARGET} @@ -54,8 +92,17 @@ openssl/evp.h: ${LCRYPTO_SRC}/evp/evp.h .endif SRCS+= ${HDRS:T:S;^;openssl/;} -.for h in ${HDRS:S/^/${LCRYPTO_SRC}\//} +.for h in ${HDRS:S/^/${LCRYPTO_SRC}\/crypto\//} openssl/${h:T}: ${h} mkdir -p openssl ${INSTALL} -C -m 444 ${h} openssl .endfor + +man-update: + for i in `( cd ${LCRYPTO_DOC}/${LIB}${PROG} ; ls *.pod )` ; do \ + cp ${LCRYPTO_DOC}/${LIB}/$$i . ;\ + pod2man --section=3 --release="0.9.7" --center="OpenSSL" \ + $$i > ${.CURDIR}/man/$${i%%.pod}.3 ;\ + rm $$i ;\ + echo $${i%%.pod} ;\ + done diff --git a/secure/lib/libcrypto/des_crypt.3 b/secure/lib/libcrypto/des_crypt.3 deleted file mode 100644 index ed12ff9..0000000 --- a/secure/lib/libcrypto/des_crypt.3 +++ /dev/null @@ -1,509 +0,0 @@ -.\" $FreeBSD$ -.TH DES_CRYPT 3 -.SH NAME -des_read_password, des_read_2password, -des_string_to_key, des_string_to_2key, des_read_pw_string, -des_random_key, des_set_key, -des_key_sched, des_ecb_encrypt, des_ecb3_encrypt, des_cbc_encrypt, -des_3cbc_encrypt, -des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt, -des_cbc_cksum, des_quad_cksum, -des_enc_read, des_enc_write, des_set_odd_parity, -des_is_weak_key, crypt \- (non USA) DES encryption -.SH SYNOPSIS -.nf -.nj -.ft B -#include <openssl/des.h> -.PP -.B int des_read_password(key,prompt,verify) -des_cblock *key; -char *prompt; -int verify; -.PP -.B int des_read_2password(key1,key2,prompt,verify) -des_cblock *key1,*key2; -char *prompt; -int verify; -.PP -.B int des_string_to_key(str,key) -char *str; -des_cblock *key; -.PP -.B int des_string_to_2keys(str,key1,key2) -char *str; -des_cblock *key1,*key2; -.PP -.B int des_read_pw_string(buf,length,prompt,verify) -char *buf; -int length; -char *prompt; -int verify; -.PP -.B int des_random_key(key) -des_cblock *key; -.PP -.B int des_set_key(key,schedule) -des_cblock *key; -des_key_schedule schedule; -.PP -.B int des_key_sched(key,schedule) -des_cblock *key; -des_key_schedule schedule; -.PP -.B int des_ecb_encrypt(input,output,schedule,encrypt) -des_cblock *input; -des_cblock *output; -des_key_schedule schedule; -int encrypt; -.PP -.B int des_ecb3_encrypt(input,output,ks1,ks2,encrypt) -des_cblock *input; -des_cblock *output; -des_key_schedule ks1,ks2; -int encrypt; -.PP -.B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt) -des_cblock *input; -des_cblock *output; -long length; -des_key_schedule schedule; -des_cblock *ivec; -int encrypt; -.PP -.B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt) -des_cblock *input; -des_cblock *output; -long length; -des_key_schedule sk1; -des_key_schedule sk2; -des_cblock *ivec1; -des_cblock *ivec2; -int encrypt; -.PP -.B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt) -des_cblock *input; -des_cblock *output; -long length; -des_key_schedule schedule; -des_cblock *ivec; -int encrypt; -.PP -.B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt) -unsigned char *input; -unsigned char *output; -int numbits; -long length; -des_key_schedule schedule; -des_cblock *ivec; -int encrypt; -.PP -.B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec) -unsigned char *input,*output; -int numbits; -long length; -des_key_schedule schedule; -des_cblock *ivec; -.PP -.B unsigned long des_cbc_cksum(input,output,length,schedule,ivec) -des_cblock *input; -des_cblock *output; -long length; -des_key_schedule schedule; -des_cblock *ivec; -.PP -.B unsigned long des_quad_cksum(input,output,length,out_count,seed) -des_cblock *input; -des_cblock *output; -long length; -int out_count; -des_cblock *seed; -.PP -.B int des_check_key; -.PP -.B int des_enc_read(fd,buf,len,sched,iv) -int fd; -char *buf; -int len; -des_key_schedule sched; -des_cblock *iv; -.PP -.B int des_enc_write(fd,buf,len,sched,iv) -int fd; -char *buf; -int len; -des_key_schedule sched; -des_cblock *iv; -.PP -.B extern int des_rw_mode; -.PP -.B void des_set_odd_parity(key) -des_cblock *key; -.PP -.B int des_is_weak_key(key) -des_cblock *key; -.PP -.B char *crypt(passwd,salt) -char *passwd; -char *salt; -.PP -.fi -.SH DESCRIPTION -This library contains a fast implementation of the DES encryption -algorithm. -.PP -There are two phases to the use of DES encryption. -The first is the generation of a -.I des_key_schedule -from a key, -the second is the actual encryption. -A des key is of type -.I des_cblock. -This type is made from 8 characters with odd parity. -The least significant bit in the character is the parity bit. -The key schedule is an expanded form of the key; it is used to speed the -encryption process. -.PP -.I des_read_password -writes the string specified by prompt to the standard output, -turns off echo and reads an input string from standard input -until terminated with a newline. -If verify is non-zero, it prompts and reads the input again and verifies -that both entered passwords are the same. -The entered string is converted into a des key by using the -.I des_string_to_key -routine. -The new key is placed in the -.I des_cblock -that was passed (by reference) to the routine. -If there were no errors, -.I des_read_password -returns 0, --1 is returned if there was a terminal error and 1 is returned for -any other error. -.PP -.I des_read_2password -operates in the same way as -.I des_read_password -except that it generates 2 keys by using the -.I des_string_to_2key -function. -.PP -.I des_read_pw_string -is called by -.I des_read_password -to read and verify a string from a terminal device. -The string is returned in -.I buf. -The size of -.I buf -is passed to the routine via the -.I length -parameter. -.PP -.I des_string_to_key -converts a string into a valid des key. -.PP -.I des_string_to_2key -converts a string into 2 valid des keys. -This routine is best suited for used to generate keys for use with -.I des_ecb3_encrypt. -.PP -.I des_random_key -returns a random key that is made of a combination of process id, -time and an increasing counter. -.PP -Before a des key can be used it is converted into a -.I des_key_schedule -via the -.I des_set_key -routine. -If the -.I des_check_key -flag is non-zero, -.I des_set_key -will check that the key passed is of odd parity and is not a week or -semi-weak key. -If the parity is wrong, -then -1 is returned. -If the key is a weak key, -then -2 is returned. -If an error is returned, -the key schedule is not generated. -.PP -.I des_key_sched -is another name for the -.I des_set_key -function. -.PP -The following routines mostly operate on an input and output stream of -.I des_cblock's. -.PP -.I des_ecb_encrypt -is the basic DES encryption routine that encrypts or decrypts a single 8-byte -.I des_cblock -in -.I electronic code book -mode. -It always transforms the input data, pointed to by -.I input, -into the output data, -pointed to by the -.I output -argument. -If the -.I encrypt -argument is non-zero (DES_ENCRYPT), -the -.I input -(cleartext) is encrypted in to the -.I output -(ciphertext) using the key_schedule specified by the -.I schedule -argument, -previously set via -.I des_set_key. -If -.I encrypt -is zero (DES_DECRYPT), -the -.I input -(now ciphertext) -is decrypted into the -.I output -(now cleartext). -Input and output may overlap. -No meaningful value is returned. -.PP -.I des_ecb3_encrypt -encrypts/decrypts the -.I input -block by using triple ecb DES encryption. -This involves encrypting the input with -.I ks1, -decryption with the key schedule -.I ks2, -and then encryption with the first again. -This routine greatly reduces the chances of brute force breaking of -DES and has the advantage of if -.I ks1 -and -.I ks2 -are the same, it is equivalent to just encryption using ecb mode and -.I ks1 -as the key. -.PP -.I des_cbc_encrypt -encrypts/decrypts using the -.I cipher-block-chaining -mode of DES. -If the -.I encrypt -argument is non-zero, -the routine cipher-block-chain encrypts the cleartext data pointed to by the -.I input -argument into the ciphertext pointed to by the -.I output -argument, -using the key schedule provided by the -.I schedule -argument, -and initialisation vector provided by the -.I ivec -argument. -If the -.I length -argument is not an integral multiple of eight bytes, -the last block is copied to a temporary area and zero filled. -The output is always -an integral multiple of eight bytes. -To make multiple cbc encrypt calls on a large amount of data appear to -be one -.I des_cbc_encrypt -call, the -.I ivec -of subsequent calls should be the last 8 bytes of the output. -.PP -.I des_3cbc_encrypt -encrypts/decrypts the -.I input -block by using triple cbc DES encryption. -This involves encrypting the input with key schedule -.I ks1, -decryption with the key schedule -.I ks2, -and then encryption with the first again. -2 initialisation vectors are required, -.I ivec1 -and -.I ivec2. -Unlike -.I des_cbc_encrypt, -these initialisation vectors are modified by the subroutine. -This routine greatly reduces the chances of brute force breaking of -DES and has the advantage of if -.I ks1 -and -.I ks2 -are the same, it is equivalent to just encryption using cbc mode and -.I ks1 -as the key. -.PP -.I des_pcbc_encrypt -encrypt/decrypts using a modified block chaining mode. -It provides better error propagation characteristics than cbc -encryption. -.PP -.I des_cfb_encrypt -encrypt/decrypts using cipher feedback mode. This method takes an -array of characters as input and outputs and array of characters. It -does not require any padding to 8 character groups. Note: the ivec -variable is changed and the new changed value needs to be passed to -the next call to this function. Since this function runs a complete -DES ecb encryption per numbits, this function is only suggested for -use when sending small numbers of characters. -.PP -.I des_ofb_encrypt -encrypt using output feedback mode. This method takes an -array of characters as input and outputs and array of characters. It -does not require any padding to 8 character groups. Note: the ivec -variable is changed and the new changed value needs to be passed to -the next call to this function. Since this function runs a complete -DES ecb encryption per numbits, this function is only suggested for -use when sending small numbers of characters. -.PP -.I des_cbc_cksum -produces an 8 byte checksum based on the input stream (via cbc encryption). -The last 4 bytes of the checksum is returned and the complete 8 bytes is -placed in -.I output. -.PP -.I des_quad_cksum -returns a 4 byte checksum from the input bytes. -The algorithm can be iterated over the input, -depending on -.I out_count, -1, 2, 3 or 4 times. -If -.I output -is non-NULL, -the 8 bytes generated by each pass are written into -.I output. -.PP -.I des_enc_write -is used to write -.I len -bytes -to file descriptor -.I fd -from buffer -.I buf. -The data is encrypted via -.I pcbc_encrypt -(default) using -.I sched -for the key and -.I iv -as a starting vector. -The actual data send down -.I fd -consists of 4 bytes (in network byte order) containing the length of the -following encrypted data. The encrypted data then follows, padded with random -data out to a multiple of 8 bytes. -.PP -.I des_enc_read -is used to read -.I len -bytes -from file descriptor -.I fd -into buffer -.I buf. -The data being read from -.I fd -is assumed to have come from -.I des_enc_write -and is decrypted using -.I sched -for the key schedule and -.I iv -for the initial vector. -The -.I des_enc_read/des_enc_write -pair can be used to read/write to files, pipes and sockets. -I have used them in implementing a version of rlogin in which all -data is encrypted. -.PP -.I des_rw_mode -is used to specify the encryption mode to use with -.I des_enc_read -and -.I des_end_write. -If set to -.I DES_PCBC_MODE -(the default), des_pcbc_encrypt is used. -If set to -.I DES_CBC_MODE -des_cbc_encrypt is used. -These two routines and the variable are not part of the normal MIT library. -.PP -.I des_set_odd_parity -sets the parity of the passed -.I key -to odd. This routine is not part of the standard MIT library. -.PP -.I des_is_weak_key -returns 1 is the passed key is a weak key (pick again :-), -0 if it is ok. -This routine is not part of the standard MIT library. -.PP -.I crypt -is a replacement for the normal system crypt. -It is much faster than the system crypt. -.PP -.SH FILES -/usr/include/openssl/des.h -.br -/usr/lib/libcrypto.a -.PP -The encryption routines have been tested on 16bit, 32bit and 64bit -machines of various endian and even works under VMS. -.PP -.SH BUGS -.PP -If you think this manual is sparse, -read the des_crypt(3) manual from the MIT kerberos (or bones outside -of the USA) distribution. -.PP -.I des_cfb_encrypt -and -.I des_ofb_encrypt -operates on input of 8 bits. What this means is that if you set -numbits to 12, and length to 2, the first 12 bits will come from the 1st -input byte and the low half of the second input byte. The second 12 -bits will have the low 8 bits taken from the 3rd input byte and the -top 4 bits taken from the 4th input byte. The same holds for output. -This function has been implemented this way because most people will -be using a multiple of 8 and because once you get into pulling bytes input -bytes apart things get ugly! -.PP -.I des_read_pw_string -is the most machine/OS dependent function and normally generates the -most problems when porting this code. -.PP -.I des_string_to_key -is probably different from the MIT version since there are lots -of fun ways to implement one-way encryption of a text string. -.PP -The routines are optimised for 32 bit machines and so are not efficient -on IBM PCs. -.PP -NOTE: extensive work has been done on this library since this document -was origionally written. Please try to read des.doc from the libdes -distribution since it is far more upto date and documents more of the -functions. Libdes is now also being shipped as part of SSLeay, a -general cryptographic library that amonst other things implements -netscapes SSL protocoll. The most recent version can be found in -SSLeay distributions. -.SH AUTHOR -Eric Young (eay@cryptsoft.com) diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 new file mode 100644 index 0000000..8efcba9 --- /dev/null +++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:26:45 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ASN1_OBJECT_new 3" +.TH ASN1_OBJECT_new 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& ASN1_OBJECT *ASN1_OBJECT_new(void); +\& void ASN1_OBJECT_free(ASN1_OBJECT *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an +\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +.PP +\&\fIASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure. +.PP +\&\fIASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR. +.SH "NOTES" +.IX Header "NOTES" +Although \fIASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it +is almost never used in applications. The \s-1ASN1\s0 object utility functions +such as \fIOBJ_nid2obj()\fR are used instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by ERR_get_error(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fIASN1_OBJECT_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), d2i_ASN1_OBJECT(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIASN1_OBJECT_new()\fR and \fIASN1_OBJECT_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3 new file mode 100644 index 0000000..f824b27 --- /dev/null +++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3 @@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:26:46 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ASN1_STRING_length 3" +.TH ASN1_STRING_length 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, +ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data \- +\&\s-1ASN1_STRING\s0 utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& int ASN1_STRING_length(ASN1_STRING *x); +\& unsigned char * ASN1_STRING_data(ASN1_STRING *x); +.Ve +.Vb 1 +\& ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); +.Ve +.Vb 1 +\& int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); +.Ve +.Vb 1 +\& int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +.Ve +.Vb 1 +\& int ASN1_STRING_type(ASN1_STRING *x); +.Ve +.Vb 1 +\& int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated. +.PP +\&\fIASN1_STRING_length()\fR returns the length of the content of \fBx\fR. +.PP +\&\fIASN1_STRING_data()\fR returns an internal pointer to the data of \fBx\fR. +Since this is an internal pointer it should \fBnot\fR be freed or +modified in any way. +.PP +\&\fIASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR. +.PP +\&\fIASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two +are identical. The string types and content are compared. +.PP +\&\fIASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer +\&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR +is \-1 then the length is determined by strlen(data). +.PP +\&\fIASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants +such as \fBV_ASN1_OCTET_STRING\fR. +.PP +\&\fIASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the +converted data is allocated in a buffer in \fB*out\fR. The length of +\&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR +should be free using \fIOPENSSL_free()\fR. +.SH "NOTES" +.IX Header "NOTES" +Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR +structure. Other types such as \fB\s-1ASN1_OCTET_STRING\s0\fR are simply typedefed +to \fB\s-1ASN1_STRING\s0\fR and the functions call the \fB\s-1ASN1_STRING\s0\fR equivalents. +\&\fB\s-1ASN1_STRING\s0\fR is also used for some \fB\s-1CHOICE\s0\fR types which consist +entirely of primitive string types such as \fBDirectoryString\fR and +\&\fBTime\fR. +.PP +These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGER\s0\fR +or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR +utility functions should be used instead. +.PP +In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR +is null terminated or does not contain embedded nulls. The actual format +of the data will depend on the actual string type itself: for example +for and IA5String the data will be \s-1ASCII\s0, for a BMPString two bytes per +character in big endian format, UTF8String will be in \s-1UTF8\s0 format. +.PP +Similar care should be take to ensure the data is in the correct format +when calling \fIASN1_STRING_set()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3 new file mode 100644 index 0000000..6942784 --- /dev/null +++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:26:47 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ASN1_STRING_new 3" +.TH ASN1_STRING_new 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- +\&\s-1ASN1_STRING\s0 allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& ASN1_STRING * ASN1_STRING_new(void); +\& ASN1_STRING * ASN1_STRING_type_new(int type); +\& void ASN1_STRING_free(ASN1_STRING *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type +is undefined. +.PP +\&\fIASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of +type \fBtype\fR. +.PP +\&\fIASN1_STRING_free()\fR frees up \fBa\fR. +.SH "NOTES" +.IX Header "NOTES" +Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example +\&\fIASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_STRING_new()\fR and \fIASN1_STRING_type_new()\fR return a valid +\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIASN1_STRING_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 new file mode 100644 index 0000000..d18ebec --- /dev/null +++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 @@ -0,0 +1,230 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:26:48 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ASN1_STRING_print_ex 3" +.TH ASN1_STRING_print_ex 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp \- \s-1ASN1_STRING\s0 output routines. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/asn1.h> +.Ve +.Vb 3 +\& int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print(BIO *out, ASN1_STRING *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to +represent all the \s-1ASN1\s0 string types. +.PP +\&\fIASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by +the options \fBflags\fR. \fIASN1_STRING_print_ex_fp()\fR is identical except it outputs +to \fBfp\fR instead. +.PP +\&\fIASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to +\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR\s0, \s-1LF\s0) +with '.'. +.SH "NOTES" +.IX Header "NOTES" +\&\fIASN1_STRING_print()\fR is a legacy function which should be avoided in new applications. +.PP +Although there are a large number of options frequently \fB\s-1ASN1_STRFLAGS_RFC2253\s0\fR is +suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLAGS_RFC2253\s0 & ~ASN1_STRFLAGS_ESC_MSB\fR. +.PP +The complete set of supported options for \fBflags\fR is listed below. +.PP +Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters +determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control +characters are escaped. If \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR is set characters with the +\&\s-1MSB\s0 set are escaped: this option should \fBnot\fR be used if the terminal correctly +interprets \s-1UTF8\s0 sequences. +.PP +Escaping takes several forms. +.PP +If the character being escaped is a 16 bit character then the form \*(L"\eWXXXX\*(R" is used +using exactly four characters for the hex representation. If it is 32 bits then +\&\*(L"\eUXXXXXXXX\*(R" is used using eight characters of its hex representation. These forms +will only be used if \s-1UTF8\s0 conversion is not set (see below). +.PP +Printable characters are normally escaped using the backslash '\e' character. If +\&\fB\s-1ASN1_STRFLGS_ESC_QUOTE\s0\fR is set then the whole string is instead surrounded by +double quote characters: this is arguably more readable than the backslash +notation. Other characters use the \*(L"\eXX\*(R" using exactly two characters of the hex +representation. +.PP +If \fB\s-1ASN1_STRFLGS_UTF8_CONVERT\s0\fR is set then characters are converted to \s-1UTF8\s0 +format first. If the terminal supports the display of \s-1UTF8\s0 sequences then this +option will correctly display multi byte characters. +.PP +If \fB\s-1ASN1_STRFLGS_IGNORE_TYPE\s0\fR is set then the string type is not interpreted at +all: everything is assumed to be one byte per character. This is primarily for +debugging purposes and can result in confusing output in multi character strings. +.PP +If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out +before its value (for example \*(L"\s-1BMPSTRING\s0\*(R"), this actually uses \fIASN1_tag2str()\fR. +.PP +The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just +outputs the value of the string using the form #XXXX using hex format for each +octet. +.PP +If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped. +.PP +Normally non character string types (such as \s-1OCTET\s0 \s-1STRING\s0) are assumed to be +one byte per character, if \fB\s-1ASN1_STRFLAGS_DUMP_UNKNOWN\s0\fR is set then they will +be dumped instead. +.PP +When a type is dumped normally just the content octets are printed, if +\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped +instead (including tag and length octets). +.PP +\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253\s0. It is +equivalent to: + \s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | + \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0 \s-1ASN1_STRFLGS_DUMP_DER\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +X509_NAME_print_ex(3), +ASN1_tag2str(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 index c7262a0..8f4965e 100644 --- a/secure/lib/libcrypto/man/BIO_ctrl.3 +++ b/secure/lib/libcrypto/man/BIO_ctrl.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:01 2002 +.\" Mon Jan 13 19:26:49 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_ctrl 3" -.TH BIO_ctrl 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_ctrl 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 index b525daa..21f513c 100644 --- a/secure/lib/libcrypto/man/BIO_f_base64.3 +++ b/secure/lib/libcrypto/man/BIO_f_base64.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:01 2002 +.\" Mon Jan 13 19:26:50 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_base64 3" -.TH BIO_f_base64 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_base64 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_base64 \- base64 \s-1BIO\s0 filter diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 index 5cb75b3..004c9e0 100644 --- a/secure/lib/libcrypto/man/BIO_f_buffer.3 +++ b/secure/lib/libcrypto/man/BIO_f_buffer.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:02 2002 +.\" Mon Jan 13 19:26:52 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_buffer 3" -.TH BIO_f_buffer 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_buffer 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_buffer \- buffering \s-1BIO\s0 diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 index a069642..dc6631b 100644 --- a/secure/lib/libcrypto/man/BIO_f_cipher.3 +++ b/secure/lib/libcrypto/man/BIO_f_cipher.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:03 2002 +.\" Mon Jan 13 19:26:53 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_cipher 3" -.TH BIO_f_cipher 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_cipher 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher \s-1BIO\s0 filter diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 index 3b9e097..e18bf11 100644 --- a/secure/lib/libcrypto/man/BIO_f_md.3 +++ b/secure/lib/libcrypto/man/BIO_f_md.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:03 2002 +.\" Mon Jan 13 19:26:54 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_md 3" -.TH BIO_f_md 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_md 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest \s-1BIO\s0 filter @@ -168,7 +168,7 @@ Any data written or read through a digest \s-1BIO\s0 using \fIBIO_read()\fR and digest calculation and returns the digest value. \fIBIO_puts()\fR is not supported. .PP -\&\fIBIO_reset()\fR reinitializes a digest \s-1BIO\s0. +\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO\s0. .PP \&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this must be called to initialize a digest \s-1BIO\s0 before any data is diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 index f1d9b02..09f121c 100644 --- a/secure/lib/libcrypto/man/BIO_f_null.3 +++ b/secure/lib/libcrypto/man/BIO_f_null.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:04 2002 +.\" Mon Jan 13 19:26:55 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_null 3" -.TH BIO_f_null 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_null 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_null \- null filter diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 index 1e8d72a..6e8899a 100644 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:05 2002 +.\" Mon Jan 13 19:26:56 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_ssl 3" -.TH BIO_f_ssl 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_ssl 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 index e11997d..e310bf8 100644 --- a/secure/lib/libcrypto/man/BIO_find_type.3 +++ b/secure/lib/libcrypto/man/BIO_find_type.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:05 2002 +.\" Mon Jan 13 19:26:57 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_find_type 3" -.TH BIO_find_type 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_find_type 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_find_type, BIO_next \- \s-1BIO\s0 chain traversal diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 index ca5f4f8..138c367 100644 --- a/secure/lib/libcrypto/man/BIO_new.3 +++ b/secure/lib/libcrypto/man/BIO_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:06 2002 +.\" Mon Jan 13 19:26:58 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_new 3" -.TH BIO_new 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- \s-1BIO\s0 allocation and freeing functions diff --git a/secure/lib/libcrypto/man/BIO_new_bio_pair.3 b/secure/lib/libcrypto/man/BIO_new_bio_pair.3 deleted file mode 100644 index d867de6..0000000 --- a/secure/lib/libcrypto/man/BIO_new_bio_pair.3 +++ /dev/null @@ -1,232 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:06 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "BIO_new_bio_pair 3" -.TH BIO_new_bio_pair 3 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -BIO_new_bio_pair \- create a new \s-1BIO\s0 pair -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/bio.h> -.Ve -.Vb 1 -\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fIBIO_new_bio_pair()\fR creates a buffering \s-1BIO\s0 pair. It has two endpoints between -data can be buffered. Its typical use is to connect one endpoint as underlying -input/output \s-1BIO\s0 to an \s-1SSL\s0 and access the other one controlled by the program -instead of accessing the network connection directly. -.PP -The two new BIOs \fBbio1\fR and \fBbio2\fR are symmetric with respect to their -functionality. The size of their buffers is determined by \fBwritebuf1\fR and -\&\fBwritebuf2\fR. If the size give is 0, the default size is used. -.PP -\&\fIBIO_new_bio_pair()\fR does not check whether \fBbio1\fR or \fBbio2\fR do point to -some other \s-1BIO\s0, the values are overwritten, \fIBIO_free()\fR is not called. -.PP -The two BIOs, even though forming a \s-1BIO\s0 pair and must be \fIBIO_free()\fR'ed -separately. This can be of importance, as some SSL-functions like \fISSL_set_bio()\fR -or \fISSL_free()\fR call \fIBIO_free()\fR implicitly, so that the peer-BIO is left -untouched and must also be \fIBIO_free()\fR'ed. -.SH "EXAMPLE" -.IX Header "EXAMPLE" -The \s-1BIO\s0 pair can be used to have full control over the network access of an -application. The application can call \fIselect()\fR on the socket as required -without having to go through the SSL-interface. -.PP -.Vb 6 -\& BIO *internal_bio, *network_bio; -\& ... -\& BIO_new_bio_pair(internal_bio, 0, network_bio, 0); -\& SSL_set_bio(ssl, internal_bio); -\& SSL_operations(); -\& ... -.Ve -.Vb 9 -\& application | TLS-engine -\& | | -\& +----------> SSL_operations() -\& | /\e || -\& | || \e/ -\& | BIO-pair (internal_bio) -\& +----------< BIO-pair (network_bio) -\& | | -\& socket | -.Ve -.Vb 4 -\& ... -\& SSL_free(ssl); /* implicitly frees internal_bio */ -\& BIO_free(network_bio); -\& ... -.Ve -As the \s-1BIO\s0 pair will only buffer the data and never directly access the -connection, it behaves non-blocking and will return as soon as the write -buffer is full or the read buffer is drained. Then the application has to -flush the write buffer and/or fill the read buffer. -.PP -Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 -and must be transfered to the network. Use \fIBIO_ctrl_get_read_request()\fR to -find out, how many bytes must be written into the buffer before the -\&\fISSL_operation()\fR can successfully be continued. -.SH "IMPORTANT" -.IX Header "IMPORTANT" -As the data is buffered, \fISSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0 -condition, but there is still data in the write buffer. An application must -not rely on the error value of \fISSL_operation()\fR but must assure that the -write buffer is always flushed first. Otherwise a deadlock may occur as -the peer might be waiting for the data before being able to continue. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "1" 4 -.IX Item "1" -The \s-1BIO\s0 pair was created successfully. The new BIOs are available in -\&\fBbio1\fR and \fBbio2\fR. -.Ip "0" 4 -The operation failed. The \s-1NULL\s0 pointer is stored into the locations for -\&\fBbio1\fR and \fBbio2\fR. Check the error stack for more information. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_set_bio(3), ssl(3), bio(3), -BIO_ctrl_pending(3), -BIO_ctrl_get_read_request(3) diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 index ec94074..2baa42d 100644 --- a/secure/lib/libcrypto/man/BIO_push.3 +++ b/secure/lib/libcrypto/man/BIO_push.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:07 2002 +.\" Mon Jan 13 19:26:59 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_push 3" -.TH BIO_push 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_push 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_push, BIO_pop \- add and remove BIOs from a chain. diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 index b844303..3cc3d7b 100644 --- a/secure/lib/libcrypto/man/BIO_read.3 +++ b/secure/lib/libcrypto/man/BIO_read.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:08 2002 +.\" Mon Jan 13 19:27:01 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_read 3" -.TH BIO_read 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_read 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_read, BIO_write, BIO_gets, BIO_puts \- \s-1BIO\s0 I/O functions diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 index 3073f38..83cb87d 100644 --- a/secure/lib/libcrypto/man/BIO_s_accept.3 +++ b/secure/lib/libcrypto/man/BIO_s_accept.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:08 2002 +.\" Mon Jan 13 19:27:02 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,10 +138,10 @@ .\" ====================================================================== .\" .IX Title "BIO_s_accept 3" -.TH BIO_s_accept 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_accept 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -BIO_s_accept, BIO_set_nbio, BIO_set_accept_port, BIO_get_accept_port, +BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept \- accept \s-1BIO\s0 .SH "SYNOPSIS" @@ -150,22 +150,22 @@ BIO_get_bind_mode, BIO_do_accept \- accept \s-1BIO\s0 \& #include <openssl/bio.h> .Ve .Vb 1 -\& BIO_METHOD * BIO_s_accept(void); +\& BIO_METHOD *BIO_s_accept(void); .Ve .Vb 2 -\& #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) -\& #define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) +\& long BIO_set_accept_port(BIO *b, char *name); +\& char *BIO_get_accept_port(BIO *b); .Ve .Vb 1 \& BIO *BIO_new_accept(char *host_port); .Ve .Vb 2 -\& #define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL) -\& #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) +\& long BIO_set_nbio_accept(BIO *b, int n); +\& long BIO_set_accept_bios(BIO *b, char *bio); .Ve .Vb 2 -\& #define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) -\& #define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) +\& long BIO_set_bind_mode(BIO *b, long mode); +\& long BIO_get_bind_mode(BIO *b, long dummy); .Ve .Vb 3 \& #define BIO_BIND_NORMAL 0 @@ -173,14 +173,14 @@ BIO_get_bind_mode, BIO_do_accept \- accept \s-1BIO\s0 \& #define BIO_BIND_REUSEADDR 2 .Ve .Vb 1 -\& #define BIO_do_accept(b) BIO_do_handshake(b) +\& int BIO_do_accept(BIO *b); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper round the platform's \s-1TCP/IP\s0 socket accept routines. .PP -Using accept BIOs \s-1TCP/IP\s0 connections can be accepted and data +Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data transferred using only \s-1BIO\s0 routines. In this way any platform specific operations are hidden by the \s-1BIO\s0 abstraction. .PP @@ -238,7 +238,7 @@ using \s-1BIO_BIND_REUSEADDR\s0. called, after the accept \s-1BIO\s0 has been setup, it will attempt to create the accept socket and bind an address to it. Second and subsequent calls to \fIBIO_do_accept()\fR will await an incoming -connection. +connection, or request a retry in non blocking mode. .SH "NOTES" .IX Header "NOTES" When an accept \s-1BIO\s0 is at the end of a chain it will await an @@ -275,6 +275,17 @@ perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable however because the accept \s-1BIO\s0 will still accept additional incoming connections. This can be resolved by using \fIBIO_pop()\fR (see above) and freeing up the accept \s-1BIO\s0 after the initial connection. +.PP +If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is +called to await an incoming connection it is possible for +\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT\s0. If this happens +then it is an indication that an accept attempt would block: the application +should take appropriate action to wait until the underlying socket has +accepted a connection and retry the call. +.PP +\&\fIBIO_set_accept_port()\fR, \fIBIO_get_accept_port()\fR, \fIBIO_set_nbio_accept()\fR, +\&\fIBIO_set_accept_bios()\fR, \fIBIO_set_bind_mode()\fR, \fIBIO_get_bind_mode()\fR and +\&\fIBIO_do_accept()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 index 6c76cd9..49214db 100644 --- a/secure/lib/libcrypto/man/BIO_s_bio.3 +++ b/secure/lib/libcrypto/man/BIO_s_bio.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:09 2002 +.\" Mon Jan 13 19:27:03 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_bio 3" -.TH BIO_s_bio 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_bio 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, @@ -223,7 +223,9 @@ If the size is not initialized a default value is used. This is currently \&\fIBIO_new_bio_pair()\fR combines the calls to \fIBIO_new()\fR, \fIBIO_make_bio_pair()\fR and \&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is -zero then the default size is used. +zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether +\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO\s0, the values are overwritten, +\&\fIBIO_free()\fR is not called. .PP \&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum length of data that can be currently written to the \s-1BIO\s0. Writes larger than this @@ -263,9 +265,60 @@ buffer. \fIBIO_read()\fR will initially fail and \fIBIO_should_read()\fR will be the application then waits for data to be available on the underlying transport before flushing the write buffer it will never succeed because the request was never sent! +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in +\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the +locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information. +.PP +[\s-1XXXXX:\s0 More return values need to be added here] .SH "EXAMPLE" .IX Header "EXAMPLE" -\&\s-1TBA\s0 +The \s-1BIO\s0 pair can be used to have full control over the network access of an +application. The application can call \fIselect()\fR on the socket as required +without having to go through the SSL-interface. +.PP +.Vb 6 +\& BIO *internal_bio, *network_bio; +\& ... +\& BIO_new_bio_pair(internal_bio, 0, network_bio, 0); +\& SSL_set_bio(ssl, internal_bio, internal_bio); +\& SSL_operations(); +\& ... +.Ve +.Vb 9 +\& application | TLS-engine +\& | | +\& +----------> SSL_operations() +\& | /\e || +\& | || \e/ +\& | BIO-pair (internal_bio) +\& +----------< BIO-pair (network_bio) +\& | | +\& socket | +.Ve +.Vb 4 +\& ... +\& SSL_free(ssl); /* implicitly frees internal_bio */ +\& BIO_free(network_bio); +\& ... +.Ve +As the \s-1BIO\s0 pair will only buffer the data and never directly access the +connection, it behaves non-blocking and will return as soon as the write +buffer is full or the read buffer is drained. Then the application has to +flush the write buffer and/or fill the read buffer. +.PP +Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 +and must be transfered to the network. Use \fIBIO_ctrl_get_read_request()\fR to +find out, how many bytes must be written into the buffer before the +\&\fISSL_operation()\fR can successfully be continued. +.SH "WARNING" +.IX Header "WARNING" +As the data is buffered, \fISSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0 +condition, but there is still data in the write buffer. An application must +not rely on the error value of \fISSL_operation()\fR but must assure that the +write buffer is always flushed first. Otherwise a deadlock may occur as +the peer might be waiting for the data before being able to continue. .SH "SEE ALSO" .IX Header "SEE ALSO" SSL_set_bio(3), ssl(3), bio(3), diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 index fcb6a33..e4aae15 100644 --- a/secure/lib/libcrypto/man/BIO_s_connect.3 +++ b/secure/lib/libcrypto/man/BIO_s_connect.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:09 2002 +.\" Mon Jan 13 19:27:04 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_connect 3" -.TH BIO_s_connect 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_connect 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port, @@ -153,28 +153,31 @@ BIO_set_nbio, BIO_do_connect \- connect \s-1BIO\s0 .Vb 1 \& BIO_METHOD * BIO_s_connect(void); .Ve +.Vb 1 +\& BIO *BIO_new_connect(char *name); +.Ve .Vb 8 -\& #define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) -\& #define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) -\& #define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) -\& #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) -\& #define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) -\& #define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) -\& #define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2) -\& #define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port) +\& long BIO_set_conn_hostname(BIO *b, char *name); +\& long BIO_set_conn_port(BIO *b, char *port); +\& long BIO_set_conn_ip(BIO *b, char *ip); +\& long BIO_set_conn_int_port(BIO *b, char *port); +\& char *BIO_get_conn_hostname(BIO *b); +\& char *BIO_get_conn_port(BIO *b); +\& char *BIO_get_conn_ip(BIO *b, dummy); +\& long BIO_get_conn_int_port(BIO *b, int port); .Ve .Vb 1 -\& #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +\& long BIO_set_nbio(BIO *b, long n); .Ve .Vb 1 -\& #define BIO_do_connect(b) BIO_do_handshake(b) +\& int BIO_do_connect(BIO *b); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper round the platform's \s-1TCP/IP\s0 socket connection routines. .PP -Using connect BIOs \s-1TCP/IP\s0 connections can be made and data +Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data transferred using only \s-1BIO\s0 routines. In this way any platform specific operations are hidden by the \s-1BIO\s0 abstraction. .PP @@ -197,7 +200,7 @@ to the same host again. it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). .PP -\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname +\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. The hostname can be an \s-1IP\s0 address. The hostname can also include the port in the form hostname:port . It is also acceptable to use the form \*(L"hostname/any/other/path\*(R" or \*(L"hostname:port/any/other/path\*(R". @@ -230,6 +233,9 @@ is set. Blocking I/O is the default. The call to \fIBIO_set_nbio()\fR should be made before the connection is established because non blocking I/O is set during the connect process. .PP +\&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into +a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR. +.PP \&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO\s0. It returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established, the @@ -264,6 +270,11 @@ connection process with the reason \s-1BIO_RR_CONNECT\s0. If this is returned then this is an indication that a connection attempt would block, the application should then take appropriate action to wait until the underlying socket has connected and retry the call. +.PP +\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_set_conn_ip()\fR, +\&\fIBIO_set_conn_int_port()\fR, \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_port()\fR, +\&\fIBIO_get_conn_ip()\fR, \fIBIO_get_conn_int_port()\fR, \fIBIO_set_nbio()\fR and +\&\fIBIO_do_connect()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 index cade91f..861cf45 100644 --- a/secure/lib/libcrypto/man/BIO_s_fd.3 +++ b/secure/lib/libcrypto/man/BIO_s_fd.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:10 2002 +.\" Mon Jan 13 19:27:05 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_fd 3" -.TH BIO_s_fd 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_fd 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor \s-1BIO\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 index 6be9436..cb50f10 100644 --- a/secure/lib/libcrypto/man/BIO_s_file.3 +++ b/secure/lib/libcrypto/man/BIO_s_file.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:11 2002 +.\" Mon Jan 13 19:27:06 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_file 3" -.TH BIO_s_file 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_file 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 index d3b422e..9b013a32 100644 --- a/secure/lib/libcrypto/man/BIO_s_mem.3 +++ b/secure/lib/libcrypto/man/BIO_s_mem.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:11 2002 +.\" Mon Jan 13 19:27:08 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_mem 3" -.TH BIO_s_mem 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_mem 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 index 0bf1015..b302476 100644 --- a/secure/lib/libcrypto/man/BIO_s_null.3 +++ b/secure/lib/libcrypto/man/BIO_s_null.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:12 2002 +.\" Mon Jan 13 19:27:09 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_null 3" -.TH BIO_s_null 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_null 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_null \- null data sink diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 index e5fa8d4..53fa4ae 100644 --- a/secure/lib/libcrypto/man/BIO_s_socket.3 +++ b/secure/lib/libcrypto/man/BIO_s_socket.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:13 2002 +.\" Mon Jan 13 19:27:10 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_socket 3" -.TH BIO_s_socket 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_socket 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0 @@ -148,11 +148,11 @@ BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0 \& #include <openssl/bio.h> .Ve .Vb 1 -\& BIO_METHOD * BIO_s_socket(void); +\& BIO_METHOD *BIO_s_socket(void); .Ve .Vb 2 -\& #define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) -\& #define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) +\& long BIO_set_fd(BIO *b, int fd, long close_flag); +\& long BIO_get_fd(BIO *b, int *c); .Ve .Vb 1 \& BIO *BIO_new_socket(int sock, int close_flag); @@ -169,10 +169,10 @@ If the close flag is set then the socket is shut down and closed when the \s-1BIO\s0 is freed. .PP \&\fIBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close -flag to \fBc\fR. +flag to \fBclose_flag\fR. .PP \&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL\s0, it also -returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). +returns the socket. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). .PP \&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. .SH "NOTES" @@ -184,6 +184,8 @@ The reason for having separate file descriptor and socket BIOs is that on some platforms sockets are not file descriptors and use distinct I/O routines, Windows is one such platform. Any code mixing the two will not work on all platforms. +.PP +\&\fIBIO_set_fd()\fR and \fIBIO_get_fd()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 index a2a5996..b8e5ee4 100644 --- a/secure/lib/libcrypto/man/BIO_set_callback.3 +++ b/secure/lib/libcrypto/man/BIO_set_callback.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:13 2002 +.\" Mon Jan 13 19:27:11 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_set_callback 3" -.TH BIO_set_callback 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_set_callback 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg, diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 index 38fc119..ba214df 100644 --- a/secure/lib/libcrypto/man/BIO_should_retry.3 +++ b/secure/lib/libcrypto/man/BIO_should_retry.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:14 2002 +.\" Mon Jan 13 19:27:12 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_should_retry 3" -.TH BIO_should_retry 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_should_retry 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_should_retry, BIO_should_read, BIO_should_write, diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 index b4dff76..f4a4435 100644 --- a/secure/lib/libcrypto/man/BN_CTX_new.3 +++ b/secure/lib/libcrypto/man/BN_CTX_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:14 2002 +.\" Mon Jan 13 19:27:13 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_CTX_new 3" -.TH BN_CTX_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_CTX_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free \s-1BN_CTX\s0 structures @@ -181,7 +181,7 @@ ERR_get_error(3). \&\fIBN_CTX_init()\fR and \fIBN_CTX_free()\fR have no return values. .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3), +bn(3), ERR_get_error(3), BN_add(3), BN_CTX_start(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 index 1629abf..f0d7ad2 100644 --- a/secure/lib/libcrypto/man/BN_CTX_start.3 +++ b/secure/lib/libcrypto/man/BN_CTX_start.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:15 2002 +.\" Mon Jan 13 19:27:14 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_CTX_start 3" -.TH BN_CTX_start 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BN_CTX_start 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary \s-1BIGNUM\s0 variables diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 index 7b4b694..9b58ec0 100644 --- a/secure/lib/libcrypto/man/BN_add.3 +++ b/secure/lib/libcrypto/man/BN_add.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:16 2002 +.\" Mon Jan 13 19:27:15 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,11 +138,12 @@ .\" ====================================================================== .\" .IX Title "BN_add 3" -.TH BN_add 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_add 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -BN_add, BN_sub, BN_mul, BN_div, BN_sqr, BN_mod, BN_mod_mul, BN_exp, -BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs +BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, +BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd \- +arithmetic operations on BIGNUMs .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -157,21 +158,35 @@ BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs .Vb 1 \& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); .Ve +.Vb 1 +\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +.Ve .Vb 2 \& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, \& BN_CTX *ctx); .Ve .Vb 1 -\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); .Ve .Vb 1 -\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +.Ve +.Vb 2 +\& int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +.Ve +.Vb 2 +\& int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); .Ve .Vb 2 -\& int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, \& BN_CTX *ctx); .Ve .Vb 1 +\& int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +.Ve +.Vb 1 \& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); .Ve .Vb 2 @@ -183,45 +198,59 @@ BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_add()\fR adds \fBa\fR and \fBb\fR and places the result in \fBr\fR (\f(CW\*(C`r=a+b\*(C'\fR). -\&\fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBb\fR. +\&\fIBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. .PP -\&\fIBN_sub()\fR subtracts \fBb\fR from \fBa\fR and places the result in \fBr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). +\&\fIBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). .PP -\&\fIBN_mul()\fR multiplies \fBa\fR and \fBb\fR and places the result in \fBr\fR (\f(CW\*(C`r=a*b\*(C'\fR). -\&\fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBb\fR. +\&\fIBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For multiplication by powers of 2, use BN_lshift(3). .PP -\&\fIBN_div()\fR divides \fBa\fR by \fBd\fR and places the result in \fBdv\fR and the -remainder in \fBrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fBdv\fR and \fBrem\fR may -be \s-1NULL\s0, in which case the respective value is not returned. +\&\fIBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR +(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR. +This function is faster than BN_mul(r,a,a). +.PP +\&\fIBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the +remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may +be \fB\s-1NULL\s0\fR, in which case the respective value is not returned. +The result is rounded towards zero; thus if \fIa\fR is negative, the +remainder will be zero or negative. For division by powers of 2, use \fIBN_rshift\fR\|(3). .PP -\&\fIBN_sqr()\fR takes the square of \fBa\fR and places the result in \fBr\fR -(\f(CW\*(C`r=a^2\*(C'\fR). \fBr\fR and \fBa\fR may be the same \fB\s-1BIGNUM\s0\fR. -This function is faster than BN_mul(r,a,a). +\&\fIBN_mod()\fR corresponds to \fIBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. +.PP +\&\fIBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative +remainder in \fIr\fR. +.PP +\&\fIBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative +result in \fIr\fR. +.PP +\&\fIBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the +non-negative result in \fIr\fR. .PP -\&\fIBN_mod()\fR find the remainder of \fBa\fR divided by \fBm\fR and places it in -\&\fBrem\fR (\f(CW\*(C`rem=a%m\*(C'\fR). +\&\fIBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative +remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be +the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for +repeated computations using the same modulus, see +BN_mod_mul_montgomery(3) and +BN_mod_mul_reciprocal(3). .PP -\&\fIBN_mod_mul()\fR multiplies \fBa\fR by \fBb\fR and finds the remainder when -divided by \fBm\fR (\f(CW\*(C`r=(a*b)%m\*(C'\fR). \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR -or \fBb\fR. For a more efficient algorithm, see -BN_mod_mul_montgomery(3); for repeated -computations using the same modulus, see BN_mod_mul_reciprocal(3). +\&\fIBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the +result in \fIr\fR. .PP -\&\fIBN_exp()\fR raises \fBa\fR to the \fBp\fR\-th power and places the result in \fBr\fR +\&\fIBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR (\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of \&\fIBN_mul()\fR. .PP -\&\fIBN_mod_exp()\fR computes \fBa\fR to the \fBp\fR\-th power modulo \fBm\fR (\f(CW\*(C`r=a^p % +\&\fIBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR. .PP -\&\fIBN_gcd()\fR computes the greatest common divisor of \fBa\fR and \fBb\fR and -places the result in \fBr\fR. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or -\&\fBb\fR. +\&\fIBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and +places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or +\&\fIb\fR. .PP -For all functions, \fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables; see BN_CTX_new(3). .PP Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from @@ -233,11 +262,13 @@ value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*( The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_CTX_new(3), +bn(3), ERR_get_error(3), BN_CTX_new(3), BN_add_word(3), BN_set_bit(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_add()\fR, \fIBN_sub()\fR, \fIBN_div()\fR, \fIBN_sqr()\fR, \fIBN_mod()\fR, \fIBN_mod_mul()\fR, +\&\fIBN_add()\fR, \fIBN_sub()\fR, \fIBN_sqr()\fR, \fIBN_div()\fR, \fIBN_mod()\fR, \fIBN_mod_mul()\fR, \&\fIBN_mod_exp()\fR and \fIBN_gcd()\fR are available in all versions of SSLeay and -OpenSSL. The \fBctx\fR argument to \fIBN_mul()\fR was added in SSLeay +OpenSSL. The \fIctx\fR argument to \fIBN_mul()\fR was added in SSLeay 0.9.1b. \fIBN_exp()\fR appeared in SSLeay 0.9.0. +\&\fIBN_nnmod()\fR, \fIBN_mod_add()\fR, \fIBN_mod_sub()\fR, and \fIBN_mod_sqr()\fR were added in +OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 index d831194..4a95bb3 100644 --- a/secure/lib/libcrypto/man/BN_add_word.3 +++ b/secure/lib/libcrypto/man/BN_add_word.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:16 2002 +.\" Mon Jan 13 19:27:17 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_add_word 3" -.TH BN_add_word 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_add_word 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic @@ -188,7 +188,7 @@ on error. The error codes can be obtained by ERR_get_error(3). \&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3) +bn(3), ERR_get_error(3), BN_add(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIBN_add_word()\fR and \fIBN_mod_word()\fR are available in all versions of diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 index 6a81049..0dcb8ee 100644 --- a/secure/lib/libcrypto/man/BN_bn2bin.3 +++ b/secure/lib/libcrypto/man/BN_bn2bin.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:17 2002 +.\" Mon Jan 13 19:27:18 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_bn2bin 3" -.TH BN_bn2bin 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH BN_bn2bin 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, @@ -221,7 +221,7 @@ returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_zero(3), +bn(3), ERR_get_error(3), BN_zero(3), ASN1_INTEGER_to_BN(3), BN_num_bytes(3) .SH "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 index cb21425..0c6fa73 100644 --- a/secure/lib/libcrypto/man/BN_cmp.3 +++ b/secure/lib/libcrypto/man/BN_cmp.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:18 2002 +.\" Mon Jan 13 19:27:19 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_cmp 3" -.TH BN_cmp 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_cmp 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- \s-1BIGNUM\s0 comparison and test functions diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 index 1277075..c4a875e 100644 --- a/secure/lib/libcrypto/man/BN_copy.3 +++ b/secure/lib/libcrypto/man/BN_copy.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:18 2002 +.\" Mon Jan 13 19:27:20 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_copy 3" -.TH BN_copy 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_copy 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_copy, BN_dup \- copy BIGNUMs @@ -164,7 +164,7 @@ the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be ob by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3) +bn(3), ERR_get_error(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIBN_copy()\fR and \fIBN_dup()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 index 383ccf8..22fb350 100644 --- a/secure/lib/libcrypto/man/BN_generate_prime.3 +++ b/secure/lib/libcrypto/man/BN_generate_prime.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:19 2002 +.\" Mon Jan 13 19:27:21 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_generate_prime 3" -.TH BN_generate_prime 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_generate_prime 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality @@ -220,7 +220,7 @@ prime with an error probability of less than 0.25^\fBchecks\fR, and The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), rand(3) +bn(3), ERR_get_error(3), rand(3) .SH "HISTORY" .IX Header "HISTORY" The \fBcb_arg\fR arguments to \fIBN_generate_prime()\fR and to \fIBN_is_prime()\fR diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 index d5249c6..5e737b2 100644 --- a/secure/lib/libcrypto/man/BN_mod_inverse.3 +++ b/secure/lib/libcrypto/man/BN_mod_inverse.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:19 2002 +.\" Mon Jan 13 19:27:22 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_mod_inverse 3" -.TH BN_mod_inverse 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_mod_inverse 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_mod_inverse \- compute inverse modulo n @@ -165,7 +165,7 @@ variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR. \&\s-1NULL\s0 on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3) +bn(3), ERR_get_error(3), BN_add(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIBN_mod_inverse()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 index 28702ce..1e6a1fa 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:20 2002 +.\" Mon Jan 13 19:27:23 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_mod_mul_montgomery 3" -.TH BN_mod_mul_montgomery 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BN_mod_mul_montgomery 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init, @@ -180,22 +180,23 @@ using the same modulus. \&\fIBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. \&\fIBN_MONT_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_MONT_CTX\s0\fR. .PP -\&\fIBN_MONT_CTX_set()\fR sets up the \fBmont\fR structure from the modulus \fBm\fR +\&\fIBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR by precomputing its inverse and a value R. .PP -\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fBfrom\fR to \fBto\fR. +\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. .PP \&\fIBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if it was created by \fIBN_MONT_CTX_new()\fR, also the structure itself. .PP -\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fBa\fR,\fBb\fR):=\fBa\fR*\fBb\fR*R^\-1 and places -the result in \fBr\fR. +\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places +the result in \fIr\fR. .PP -\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fBr\fR = \fBa\fR*R^\-1. +\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. .PP -\&\fIBN_to_montgomery()\fR computes Mont(\fBa\fR,R^2), i.e. \fBa\fR*R. +\&\fIBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. +Note that \fIa\fR must be non-negative and smaller than the modulus. .PP -For all functions, \fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. .PP The \fB\s-1BN_MONT_CTX\s0\fR structure is defined as follows: @@ -222,9 +223,13 @@ on error. .PP For the other functions, 1 is returned for success, 0 on error. The error codes can be obtained by ERR_get_error(3). +.SH "WARNING" +.IX Header "WARNING" +The inputs must be reduced modulo \fBm\fR, otherwise the result will be +outside the expected range. .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3), +bn(3), ERR_get_error(3), BN_add(3), BN_CTX_new(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 index db86899..de08e81 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:21 2002 +.\" Mon Jan 13 19:27:25 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_mod_mul_reciprocal 3" -.TH BN_mod_mul_reciprocal 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BN_mod_mul_reciprocal 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init, @@ -211,7 +211,7 @@ For the other functions, 1 is returned for success, 0 on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3), +bn(3), ERR_get_error(3), BN_add(3), BN_CTX_new(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 index 150ee3f..711a512 100644 --- a/secure/lib/libcrypto/man/BN_new.3 +++ b/secure/lib/libcrypto/man/BN_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:21 2002 +.\" Mon Jan 13 19:27:26 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_new 3" -.TH BN_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs @@ -184,7 +184,7 @@ by ERR_get_error(3). values. .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3) +bn(3), ERR_get_error(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIBN_new()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR are available in diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 index 866e1e9..30517e2 100644 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/BN_num_bytes.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:22 2002 +.\" Mon Jan 13 19:27:27 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_num_bytes 3" -.TH BN_num_bytes 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_num_bytes 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_num_bits, BN_num_bytes, BN_num_bits_word \- get \s-1BIGNUM\s0 size diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 index 23e7399..717a0aa 100644 --- a/secure/lib/libcrypto/man/BN_rand.3 +++ b/secure/lib/libcrypto/man/BN_rand.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:22 2002 +.\" Mon Jan 13 19:27:28 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_rand 3" -.TH BN_rand 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH BN_rand 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_rand, BN_pseudo_rand \- generate pseudo-random number @@ -186,7 +186,7 @@ The functions return 1 on success, 0 on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), rand(3), +bn(3), ERR_get_error(3), rand(3), RAND_add(3), RAND_bytes(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 index 5c5a4e1..88c276e 100644 --- a/secure/lib/libcrypto/man/BN_set_bit.3 +++ b/secure/lib/libcrypto/man/BN_set_bit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:23 2002 +.\" Mon Jan 13 19:27:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_set_bit 3" -.TH BN_set_bit 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_set_bit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, diff --git a/secure/lib/libcrypto/man/speed.1 b/secure/lib/libcrypto/man/BN_swap.3 index a0483b8..d431ae9 100644 --- a/secure/lib/libcrypto/man/speed.1 +++ b/secure/lib/libcrypto/man/BN_swap.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:57 2002 +.\" Mon Jan 13 19:27:30 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,43 +137,24 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SPEED 1" -.TH SPEED 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "BN_swap 3" +.TH BN_swap 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -speed \- test library performance +BN_swap \- exchange BIGNUMs .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\fBopenssl speed\fR -[\fBmd2\fR] -[\fBmdc2\fR] -[\fBmd5\fR] -[\fBhmac\fR] -[\fBsha1\fR] -[\fBrmd160\fR] -[\fBidea-cbc\fR] -[\fBrc2\-cbc\fR] -[\fBrc5\-cbc\fR] -[\fBbf-cbc\fR] -[\fBdes-cbc\fR] -[\fBdes-ede3\fR] -[\fBrc4\fR] -[\fBrsa512\fR] -[\fBrsa1024\fR] -[\fBrsa2048\fR] -[\fBrsa4096\fR] -[\fBdsa512\fR] -[\fBdsa1024\fR] -[\fBdsa2048\fR] -[\fBidea\fR] -[\fBrc2\fR] -[\fBdes\fR] -[\fBrsa\fR] -[\fBblowfish\fR] +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 1 +\& void BN_swap(BIGNUM *a, BIGNUM *b); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -This command is used to test the performance of cryptographic algorithms. -.SH "OPTIONS" -.IX Header "OPTIONS" -If any options are given, \fBspeed\fR tests those algorithms, otherwise all of -the above are tested. +\&\fIBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. +.PP +bn(3) +.SH "HISTORY" +.IX Header "HISTORY" +BN_swap was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 index 61613e7..80417db 100644 --- a/secure/lib/libcrypto/man/BN_zero.3 +++ b/secure/lib/libcrypto/man/BN_zero.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:24 2002 +.\" Mon Jan 13 19:27:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_zero 3" -.TH BN_zero 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BN_zero 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- \s-1BIGNUM\s0 assignment @@ -153,7 +153,7 @@ operations \& int BN_one(BIGNUM *a); .Ve .Vb 1 -\& BIGNUM *BN_value_one(void); +\& const BIGNUM *BN_value_one(void); .Ve .Vb 2 \& int BN_set_word(BIGNUM *a, unsigned long w); @@ -190,3 +190,6 @@ bn(3), BN_bn2bin(3) \&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR are available in all versions of SSLeay and OpenSSL. \fIBN_value_one()\fR and \fIBN_get_word()\fR were added in SSLeay 0.8. +.PP +\&\fIBN_value_one()\fR was changed to return a true const \s-1BIGNUM\s0 * in OpenSSL +0.9.7. diff --git a/secure/lib/libcrypto/man/CA.pl.1 b/secure/lib/libcrypto/man/CA.pl.1 deleted file mode 100644 index ac3f29c..0000000 --- a/secure/lib/libcrypto/man/CA.pl.1 +++ /dev/null @@ -1,298 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:38 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "CA.PL 1" -.TH CA.PL 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -\&\s-1CA\s0.pl \- friendlier interface for OpenSSL certificate programs -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fB\s-1CA\s0.pl\fR -[\fB\-?\fR] -[\fB\-h\fR] -[\fB\-help\fR] -[\fB\-newcert\fR] -[\fB\-newreq\fR] -[\fB\-newca\fR] -[\fB\-xsign\fR] -[\fB\-sign\fR] -[\fB\-signreq\fR] -[\fB\-signcert\fR] -[\fB\-verify\fR] -[\fBfiles\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fB\s-1CA\s0.pl\fR script is a perl script that supplies the relevant command line -arguments to the \fBopenssl\fR command for some common certificate operations. -It is intended to simplify the process of certificate creation and management -by the use of some simple options. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB?\fR, \fB\-h\fR, \fB\-help\fR" 4 -.IX Item "?, -h, -help" -prints a usage message. -.Ip "\fB\-newcert\fR" 4 -.IX Item "-newcert" -creates a new self signed certificate. The private key and certificate are -written to the file \*(L"newreq.pem\*(R". -.Ip "\fB\-newreq\fR" 4 -.IX Item "-newreq" -creates a new certificate request. The private key and request are -written to the file \*(L"newreq.pem\*(R". -.Ip "\fB\-newca\fR" 4 -.IX Item "-newca" -creates a new \s-1CA\s0 hierarchy for use with the \fBca\fR program (or the \fB\-signcert\fR -and \fB\-xsign\fR options). The user is prompted to enter the filename of the \s-1CA\s0 -certificates (which should also contain the private key) or by hitting \s-1ENTER\s0 -details of the \s-1CA\s0 will be prompted for. The relevant files and directories -are created in a directory called \*(L"demoCA\*(R" in the current directory. -.Ip "\fB\-pkcs12\fR" 4 -.IX Item "-pkcs12" -create a PKCS#12 file containing the user certificate, private key and \s-1CA\s0 -certificate. It expects the user certificate and private key to be in the -file \*(L"newcert.pem\*(R" and the \s-1CA\s0 certificate to be in the file demoCA/cacert.pem, -it creates a file \*(L"newcert.p12\*(R". This command can thus be called after the -\&\fB\-sign\fR option. The PKCS#12 file can be imported directly into a browser. -If there is an additional argument on the command line it will be used as the -\&\*(L"friendly name\*(R" for the certificate (which is typically displayed in the browser -list box), otherwise the name \*(L"My Certificate\*(R" is used. -.Ip "\fB\-sign\fR, \fB\-signreq\fR, \fB\-xsign\fR" 4 -.IX Item "-sign, -signreq, -xsign" -calls the \fBca\fR program to sign a certificate request. It expects the request -to be in the file \*(L"newreq.pem\*(R". The new certificate is written to the file -\&\*(L"newcert.pem\*(R" except in the case of the \fB\-xsign\fR option when it is written -to standard output. -.Ip "\fB\-signCA\fR" 4 -.IX Item "-signCA" -this option is the same as the \fB\-signreq\fR option except it uses the configuration -file section \fBv3_ca\fR and so makes the signed request a valid \s-1CA\s0 certificate. This -is useful when creating intermediate \s-1CA\s0 from a root \s-1CA\s0. -.Ip "\fB\-signcert\fR" 4 -.IX Item "-signcert" -this option is the same as \fB\-sign\fR except it expects a self signed certificate -to be present in the file \*(L"newreq.pem\*(R". -.Ip "\fB\-verify\fR" 4 -.IX Item "-verify" -verifies certificates against the \s-1CA\s0 certificate for \*(L"demoCA\*(R". If no certificates -are specified on the command line it tries to verify the file \*(L"newcert.pem\*(R". -.Ip "\fBfiles\fR" 4 -.IX Item "files" -one or more optional certificate file names for use with the \fB\-verify\fR command. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Create a \s-1CA\s0 hierarchy: -.PP -.Vb 1 -\& CA.pl -newca -.Ve -Complete certificate creation example: create a \s-1CA\s0, create a request, sign -the request and finally create a PKCS#12 file containing it. -.PP -.Vb 4 -\& CA.pl -newca -\& CA.pl -newreq -\& CA.pl -signreq -\& CA.pl -pkcs12 "My Test Certificate" -.Ve -.SH "DSA CERTIFICATES" -.IX Header "DSA CERTIFICATES" -Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to -use it with \s-1DSA\s0 certificates and requests using the req(1) command -directly. The following example shows the steps that would typically be taken. -.PP -Create some \s-1DSA\s0 parameters: -.PP -.Vb 1 -\& openssl dsaparam -out dsap.pem 1024 -.Ve -Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key: -.PP -.Vb 1 -\& openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem -.Ve -Create the \s-1CA\s0 directories and files: -.PP -.Vb 1 -\& CA.pl -newca -.Ve -enter cacert.pem when prompted for the \s-1CA\s0 file name. -.PP -Create a \s-1DSA\s0 certificate request and private key (a different set of parameters -can optionally be created first): -.PP -.Vb 1 -\& openssl req -out newreq.pem -newkey dsa:dsap.pem -.Ve -Sign the request: -.PP -.Vb 1 -\& CA.pl -signreq -.Ve -.SH "NOTES" -.IX Header "NOTES" -Most of the filenames mentioned can be modified by editing the \fB\s-1CA\s0.pl\fR script. -.PP -If the demoCA directory already exists then the \fB\-newca\fR command will not -overwrite it and will do nothing. This can happen if a previous call using -the \fB\-newca\fR option terminated abnormally. To get the correct behaviour -delete the demoCA directory if it already exists. -.PP -Under some environments it may not be possible to run the \fB\s-1CA\s0.pl\fR script -directly (for example Win32) and the default configuration file location may -be wrong. In this case the command: -.PP -.Vb 1 -\& perl -S CA.pl -.Ve -can be used and the \fB\s-1OPENSSL_CONF\s0\fR environment variable changed to point to -the correct path of the configuration file \*(L"openssl.cnf\*(R". -.PP -The script is intended as a simple front end for the \fBopenssl\fR program for use -by a beginner. Its behaviour isn't always what is wanted. For more control over the -behaviour of the certificate commands call the \fBopenssl\fR command directly. -.SH "ENVIRONMENT VARIABLES" -.IX Header "ENVIRONMENT VARIABLES" -The variable \fB\s-1OPENSSL_CONF\s0\fR if defined allows an alternative configuration -file location to be specified, it should contain the full path to the -configuration file, not just its directory. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -x509(1), ca(1), req(1), pkcs12(1), -config(5) diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 index ef82f2b..c092894 100644 --- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 +++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:24 2002 +.\" Mon Jan 13 19:27:32 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "CRYPTO_set_ex_data 3" -.TH CRYPTO_set_ex_data 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH CRYPTO_set_ex_data 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 index a98535f..ef19bf1 100644 --- a/secure/lib/libcrypto/man/DH_generate_key.3 +++ b/secure/lib/libcrypto/man/DH_generate_key.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:25 2002 +.\" Mon Jan 13 19:27:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_generate_key 3" -.TH DH_generate_key 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DH_generate_key 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_generate_key, DH_compute_key \- perform Diffie-Hellman key exchange @@ -179,7 +179,7 @@ on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -dh(3), err(3), rand(3), DH_size(3) +dh(3), ERR_get_error(3), rand(3), DH_size(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDH_generate_key()\fR and \fIDH_compute_key()\fR are available in all versions diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 index 74b0d8a..06c93c1 100644 --- a/secure/lib/libcrypto/man/DH_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DH_generate_parameters.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:25 2002 +.\" Mon Jan 13 19:27:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_generate_parameters 3" -.TH DH_generate_parameters 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DH_generate_parameters 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_generate_parameters, DH_check \- generate and check Diffie-Hellman parameters @@ -196,7 +196,8 @@ If \fBgenerator\fR is not 2 or 5, \fBdh->g\fR=\fBgenerator\fR is not a usable generator. .SH "SEE ALSO" .IX Header "SEE ALSO" -dh(3), err(3), rand(3), DH_free(3) +dh(3), ERR_get_error(3), rand(3), +DH_free(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDH_check()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 index 2a9409a..2b741e8 100644 --- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:26 2002 +.\" Mon Jan 13 19:27:36 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_get_ex_new_index 3" -.TH DH_get_ex_new_index 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH DH_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to \s-1DH\s0 structures diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 index 2a8546e..9c21b4f 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/DH_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:27 2002 +.\" Mon Jan 13 19:27:37 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_new 3" -.TH DH_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DH_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_new, DH_free \- allocate and free \s-1DH\s0 objects @@ -168,7 +168,7 @@ a pointer to the newly allocated structure. \&\fIDH_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -dh(3), err(3), +dh(3), ERR_get_error(3), DH_generate_parameters(3), DH_generate_key(3) .SH "HISTORY" diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 index 8a5c1b7..8dc77bb 100644 --- a/secure/lib/libcrypto/man/DH_set_method.3 +++ b/secure/lib/libcrypto/man/DH_set_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:27 2002 +.\" Mon Jan 13 19:27:38 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,51 +138,63 @@ .\" ====================================================================== .\" .IX Title "DH_set_method 3" -.TH DH_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH DH_set_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -DH_set_default_method, DH_get_default_method, DH_set_method, -DH_new_method, DH_OpenSSL \- select \s-1DH\s0 method +DH_set_default_method, DH_get_default_method, +DH_set_method, DH_new_method, DH_OpenSSL \- select \s-1DH\s0 method .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/dh.h> +\& #include <openssl/engine.h> .Ve .Vb 1 -\& void DH_set_default_method(DH_METHOD *meth); +\& void DH_set_default_method(const DH_METHOD *meth); .Ve .Vb 1 -\& DH_METHOD *DH_get_default_method(void); +\& const DH_METHOD *DH_get_default_method(void); .Ve .Vb 1 -\& DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); +\& int DH_set_method(DH *dh, const DH_METHOD *meth); .Ve .Vb 1 -\& DH *DH_new_method(DH_METHOD *meth); +\& DH *DH_new_method(ENGINE *engine); .Ve .Vb 1 -\& DH_METHOD *DH_OpenSSL(void); +\& const DH_METHOD *DH_OpenSSL(void); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DH\s0 \s-1API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP -Initially, the default is to use the OpenSSL internal implementation. -\&\fIDH_OpenSSL()\fR returns a pointer to that method. +Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as +returned by \fIDH_OpenSSL()\fR. .PP -\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1DH\s0\fR -structures created later. +\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 +structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set +as a default for \s-1DH\s0, so this function is no longer recommended. .PP -\&\fIDH_get_default_method()\fR returns a pointer to the current default -method. +\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD\s0. +However, the meaningfulness of this result is dependant on whether the \s-1ENGINE\s0 +\&\s-1API\s0 is being used, so this function is no longer recommended. .PP -\&\fIDH_set_method()\fR selects \fBmeth\fR for all operations using the structure \fBdh\fR. +\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. +This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method +was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will be released during the +change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 +implementations (eg. from an \s-1ENGINE\s0 module that supports embedded +hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 +for the key can have unexpected results. .PP -\&\fIDH_new_method()\fR allocates and initializes a \fB\s-1DH\s0\fR structure so that -\&\fBmethod\fR will be used for the \s-1DH\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, -the default method is used. +\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will +be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default \s-1ENGINE\s0 for \s-1DH\s0 +operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by +\&\fIDH_set_default_method()\fR is used. .SH "THE DH_METHOD STRUCTURE" .IX Header "THE DH_METHOD STRUCTURE" .Vb 4 @@ -229,12 +241,22 @@ the default method is used. .PP \&\fIDH_set_default_method()\fR returns no value. .PP -\&\fIDH_set_method()\fR returns a pointer to the \fB\s-1DH_METHOD\s0\fR previously -associated with \fBdh\fR. +\&\fIDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). .PP -\&\fIDH_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be -obtained by ERR_get_error(3) if the allocation fails. Otherwise it +\&\fIDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by +ERR_get_error(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. +.SH "NOTES" +.IX Header "NOTES" +As of version 0.9.7, \s-1DH_METHOD\s0 implementations are grouped together with other +algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a +default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, +that will override any \s-1DH\s0 defaults set using the \s-1DH\s0 \s-1API\s0 (ie. +\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way +to control default implementations for use in \s-1DH\s0 and other cryptographic +algorithms. .SH "SEE ALSO" .IX Header "SEE ALSO" dh(3), DH_new(3) @@ -242,3 +264,13 @@ dh(3), DH_new(3) .IX Header "HISTORY" \&\fIDH_set_default_method()\fR, \fIDH_get_default_method()\fR, \fIDH_set_method()\fR, \&\fIDH_new_method()\fR and \fIDH_OpenSSL()\fR were added in OpenSSL 0.9.4. +.PP +\&\fIDH_set_default_openssl_method()\fR and \fIDH_get_default_openssl_method()\fR replaced +\&\fIDH_set_default_method()\fR and \fIDH_get_default_method()\fR respectively, and +\&\fIDH_set_method()\fR and \fIDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than +\&\fB\s-1DH_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For +0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this +change was reversed, and behaviour of the other functions resembled more closely +the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now +transparently overrides the behaviour of defaults in the \s-1DH\s0 \s-1API\s0 without +requiring changing these function prototypes. diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 index 6ad0ac9..d33867b 100644 --- a/secure/lib/libcrypto/man/DH_size.3 +++ b/secure/lib/libcrypto/man/DH_size.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:28 2002 +.\" Mon Jan 13 19:27:39 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_size 3" -.TH DH_size 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DH_size 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_size \- get Diffie-Hellman prime size diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 index 32ca1de..365b177 100644 --- a/secure/lib/libcrypto/man/DSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/DSA_SIG_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:29 2002 +.\" Mon Jan 13 19:27:40 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_SIG_new 3" -.TH DSA_SIG_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_SIG_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_SIG_new, DSA_SIG_free \- allocate and free \s-1DSA\s0 signature objects @@ -169,7 +169,8 @@ to the newly allocated structure. \&\fIDSA_SIG_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), DSA_do_sign(3) +dsa(3), ERR_get_error(3), +DSA_do_sign(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDSA_SIG_new()\fR and \fIDSA_SIG_free()\fR were added in OpenSSL 0.9.3. diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 index a99f6d4..3b3e058 100644 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/DSA_do_sign.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:29 2002 +.\" Mon Jan 13 19:27:41 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_do_sign 3" -.TH DSA_do_sign 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_do_sign 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_do_sign, DSA_do_verify \- raw \s-1DSA\s0 signature operations @@ -175,7 +175,7 @@ on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), rand(3), +dsa(3), ERR_get_error(3), rand(3), DSA_SIG_new(3), DSA_sign(3) .SH "HISTORY" diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 index 19bbf6e..57cb355 100644 --- a/secure/lib/libcrypto/man/DSA_dup_DH.3 +++ b/secure/lib/libcrypto/man/DSA_dup_DH.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:30 2002 +.\" Mon Jan 13 19:27:42 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_dup_DH 3" -.TH DSA_dup_DH 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_dup_DH 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure @@ -148,7 +148,7 @@ DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure \& #include <openssl/dsa.h> .Ve .Vb 1 -\& DH * DSA_dup_DH(DSA *r); +\& DH * DSA_dup_DH(const DSA *r); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -164,7 +164,7 @@ error codes can be obtained by ERR_get_error(3). Be careful to avoid small subgroup attacks when using this. .SH "SEE ALSO" .IX Header "SEE ALSO" -dh(3), dsa(3), err(3) +dh(3), dsa(3), ERR_get_error(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDSA_dup_DH()\fR was added in OpenSSL 0.9.4. diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 index 75e9490..fa93ee5 100644 --- a/secure/lib/libcrypto/man/DSA_generate_key.3 +++ b/secure/lib/libcrypto/man/DSA_generate_key.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:30 2002 +.\" Mon Jan 13 19:27:43 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_generate_key 3" -.TH DSA_generate_key 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_generate_key 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_generate_key \- generate \s-1DSA\s0 key pair @@ -162,7 +162,8 @@ The \s-1PRNG\s0 must be seeded prior to calling \fIDSA_generate_key()\fR. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), rand(3), DSA_generate_parameters(3) +dsa(3), ERR_get_error(3), rand(3), +DSA_generate_parameters(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDSA_generate_key()\fR is available since SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 index b9d4de7..9f9d01c 100644 --- a/secure/lib/libcrypto/man/DSA_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:31 2002 +.\" Mon Jan 13 19:27:44 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_generate_parameters 3" -.TH DSA_generate_parameters 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_generate_parameters 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_generate_parameters \- generate \s-1DSA\s0 parameters @@ -209,7 +209,7 @@ obtained by ERR_get_error(3). Seed lengths > 20 are not supported. .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), rand(3), +dsa(3), ERR_get_error(3), rand(3), DSA_free(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 index 5638368..7f507a7 100644 --- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:32 2002 +.\" Mon Jan 13 19:27:45 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_get_ex_new_index 3" -.TH DSA_get_ex_new_index 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to \s-1DSA\s0 structures diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 index 2810cc8..2d194b7 100644 --- a/secure/lib/libcrypto/man/DSA_new.3 +++ b/secure/lib/libcrypto/man/DSA_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:32 2002 +.\" Mon Jan 13 19:27:46 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_new 3" -.TH DSA_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects @@ -155,7 +155,8 @@ DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. +\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to +calling DSA_new_method(\s-1NULL\s0). .PP \&\fIDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are erased before the memory is returned to the system. @@ -169,7 +170,7 @@ to the newly allocated structure. \&\fIDSA_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), +dsa(3), ERR_get_error(3), DSA_generate_parameters(3), DSA_generate_key(3) .SH "HISTORY" diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 index 3114fb2..40ba101 100644 --- a/secure/lib/libcrypto/man/DSA_set_method.3 +++ b/secure/lib/libcrypto/man/DSA_set_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:33 2002 +.\" Mon Jan 13 19:27:47 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,27 +138,28 @@ .\" ====================================================================== .\" .IX Title "DSA_set_method 3" -.TH DSA_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH DSA_set_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -DSA_set_default_method, DSA_get_default_method, DSA_set_method, -DSA_new_method, DSA_OpenSSL \- select \s-1DSA\s0 method +DSA_set_default_method, DSA_get_default_method, +DSA_set_method, DSA_new_method, DSA_OpenSSL \- select \s-1DSA\s0 method .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/dsa.h> +\& #include <openssl/engine.h> .Ve .Vb 1 -\& void DSA_set_default_method(DSA_METHOD *meth); +\& void DSA_set_default_method(const DSA_METHOD *meth); .Ve .Vb 1 -\& DSA_METHOD *DSA_get_default_method(void); +\& const DSA_METHOD *DSA_get_default_method(void); .Ve .Vb 1 -\& DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); +\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); .Ve .Vb 1 -\& DSA *DSA_new_method(DSA_METHOD *meth); +\& DSA *DSA_new_method(ENGINE *engine); .Ve .Vb 1 \& DSA_METHOD *DSA_OpenSSL(void); @@ -167,22 +168,35 @@ DSA_new_method, DSA_OpenSSL \- select \s-1DSA\s0 method .IX Header "DESCRIPTION" A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0 operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DSA\s0 \s-1API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP -Initially, the default is to use the OpenSSL internal implementation. -\&\fIDSA_OpenSSL()\fR returns a pointer to that method. +Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fIDSA_OpenSSL()\fR. .PP -\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1DSA\s0\fR -structures created later. +\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 +structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1DSA\s0, so this function is no longer recommended. .PP \&\fIDSA_get_default_method()\fR returns a pointer to the current default -method. +\&\s-1DSA_METHOD\s0. However, the meaningfulness of this result is dependant on +whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer +recommended. .PP -\&\fIDSA_set_method()\fR selects \fBmeth\fR for all operations using the structure \fBdsa\fR. +\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the +previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1DSA\s0 keys that only +work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected +results. .PP -\&\fIDSA_new_method()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure so that -\&\fBmethod\fR will be used for the \s-1DSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, -the default method is used. +\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR +will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default engine +for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 +controlled by \fIDSA_set_default_method()\fR is used. .SH "THE DSA_METHOD STRUCTURE" .IX Header "THE DSA_METHOD STRUCTURE" struct @@ -237,18 +251,27 @@ struct .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the -respective \fB\s-1DSA_METHOD\s0\fRs. +\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the respective +\&\fB\s-1DSA_METHOD\s0\fRs. .PP \&\fIDSA_set_default_method()\fR returns no value. .PP -\&\fIDSA_set_method()\fR returns a pointer to the \fB\s-1DSA_METHOD\s0\fR previously -associated with \fBdsa\fR. +\&\fIDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). .PP -\&\fIDSA_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be +\&\fIDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by ERR_get_error(3) if the allocation -fails. Otherwise it returns a pointer to the newly allocated -structure. +fails. Otherwise it returns a pointer to the newly allocated structure. +.SH "NOTES" +.IX Header "NOTES" +As of version 0.9.7, \s-1DSA_METHOD\s0 implementations are grouped together with other +algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a +default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, +that will override any \s-1DSA\s0 defaults set using the \s-1DSA\s0 \s-1API\s0 (ie. +\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way +to control default implementations for use in \s-1DSA\s0 and other cryptographic +algorithms. .SH "SEE ALSO" .IX Header "SEE ALSO" dsa(3), DSA_new(3) @@ -256,3 +279,13 @@ dsa(3), DSA_new(3) .IX Header "HISTORY" \&\fIDSA_set_default_method()\fR, \fIDSA_get_default_method()\fR, \fIDSA_set_method()\fR, \&\fIDSA_new_method()\fR and \fIDSA_OpenSSL()\fR were added in OpenSSL 0.9.4. +.PP +\&\fIDSA_set_default_openssl_method()\fR and \fIDSA_get_default_openssl_method()\fR replaced +\&\fIDSA_set_default_method()\fR and \fIDSA_get_default_method()\fR respectively, and +\&\fIDSA_set_method()\fR and \fIDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than +\&\fB\s-1DSA_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For +0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this +change was reversed, and behaviour of the other functions resembled more closely +the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now +transparently overrides the behaviour of defaults in the \s-1DSA\s0 \s-1API\s0 without +requiring changing these function prototypes. diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 index 28c80a8..1f179a4 100644 --- a/secure/lib/libcrypto/man/DSA_sign.3 +++ b/secure/lib/libcrypto/man/DSA_sign.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:33 2002 +.\" Mon Jan 13 19:27:49 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_sign 3" -.TH DSA_sign 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_sign 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_sign, DSA_sign_setup, DSA_verify \- \s-1DSA\s0 signatures @@ -194,7 +194,7 @@ ERR_get_error(3). Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), rand(3), +dsa(3), ERR_get_error(3), rand(3), DSA_do_sign(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 index c3fe807..4240dc6 100644 --- a/secure/lib/libcrypto/man/DSA_size.3 +++ b/secure/lib/libcrypto/man/DSA_size.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:34 2002 +.\" Mon Jan 13 19:27:50 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_size 3" -.TH DSA_size 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_size 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_size \- get \s-1DSA\s0 signature size @@ -148,7 +148,7 @@ DSA_size \- get \s-1DSA\s0 signature size \& #include <openssl/dsa.h> .Ve .Vb 1 -\& int DSA_size(DSA *dsa); +\& int DSA_size(const DSA *dsa); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 index 4646117..31fbee7 100644 --- a/secure/lib/libcrypto/man/ERR_GET_LIB.3 +++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:35 2002 +.\" Mon Jan 13 19:27:51 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_GET_LIB 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1ERR_GET_LIB\s0, \s-1ERR_GET_FUNC\s0, \s-1ERR_GET_REASON\s0 \- get library, function and diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 index dfb3cae..4caf13d 100644 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/ERR_clear_error.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:35 2002 +.\" Mon Jan 13 19:27:52 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_clear_error 3" -.TH ERR_clear_error 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_clear_error 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_clear_error \- clear the error queue diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 index aefdba4..1fccfac 100644 --- a/secure/lib/libcrypto/man/ERR_error_string.3 +++ b/secure/lib/libcrypto/man/ERR_error_string.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:36 2002 +.\" Mon Jan 13 19:27:53 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_error_string 3" -.TH ERR_error_string 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH ERR_error_string 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_error_string, ERR_error_string_n, ERR_lib_error_string, diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 index d577510..d92e2cb 100644 --- a/secure/lib/libcrypto/man/ERR_get_error.3 +++ b/secure/lib/libcrypto/man/ERR_get_error.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:36 2002 +.\" Mon Jan 13 19:27:54 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,37 +138,46 @@ .\" ====================================================================== .\" .IX Title "ERR_get_error 3" -.TH ERR_get_error 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH ERR_get_error 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -ERR_get_error, ERR_peek_error, ERR_get_error_line, ERR_peek_error_line, -ERR_get_error_line_data, ERR_peek_error_line_data \- obtain error code and data +ERR_get_error, ERR_peek_error, ERR_peek_last_error, +ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, +ERR_get_error_line_data, ERR_peek_error_line_data, +ERR_peek_last_error_line_data \- obtain error code and data .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/err.h> .Ve -.Vb 2 +.Vb 3 \& unsigned long ERR_get_error(void); \& unsigned long ERR_peek_error(void); +\& unsigned long ERR_peek_last_error(void); .Ve -.Vb 2 +.Vb 3 \& unsigned long ERR_get_error_line(const char **file, int *line); \& unsigned long ERR_peek_error_line(const char **file, int *line); +\& unsigned long ERR_peek_last_error_line(const char **file, int *line); .Ve -.Vb 4 +.Vb 6 \& unsigned long ERR_get_error_line_data(const char **file, int *line, \& const char **data, int *flags); \& unsigned long ERR_peek_error_line_data(const char **file, int *line, \& const char **data, int *flags); +\& unsigned long ERR_peek_last_error_line_data(const char **file, int *line, +\& const char **data, int *flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_get_error()\fR returns the last error code from the thread's error +\&\fIERR_get_error()\fR returns the earliest error code from the thread's error queue and removes the entry. This function can be called repeatedly until there are no more error codes to return. .PP -\&\fIERR_peek_error()\fR returns the last error code from the thread's +\&\fIERR_peek_error()\fR returns the earliest error code from the thread's +error queue without modifying it. +.PP +\&\fIERR_peek_last_error()\fR returns the latest error code from the thread's error queue without modifying it. .PP See ERR_GET_LIB(3) for obtaining information about @@ -176,12 +185,14 @@ location and reason of the error, and ERR_error_string(3) for human-readable error messages. .PP -\&\fIERR_get_error_line()\fR and \fIERR_peek_error_line()\fR are the same as the -above, but they additionally store the file name and line number where +\&\fIERR_get_error_line()\fR, \fIERR_peek_error_line()\fR and +\&\fIERR_peek_last_error_line()\fR are the same as the above, but they +additionally store the file name and line number where the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. .PP -\&\fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR store -additional data and flags associated with the error code in *\fBdata\fR +\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and +\&\fIERR_get_last_error_line_data()\fR store additional data and flags +associated with the error code in *\fBdata\fR and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR. If it has been allocated by \fIOPENSSL_malloc()\fR, *\fBflags\fR&\fB\s-1ERR_TXT_MALLOCED\s0\fR is true. @@ -198,3 +209,5 @@ ERR_GET_LIB(3) \&\fIERR_peek_error_line()\fR are available in all versions of SSLeay and OpenSSL. \fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR were added in SSLeay 0.9.0. +\&\fIERR_peek_last_error()\fR, \fIERR_peek_last_error_line()\fR and +\&\fIERR_peek_last_error_line_data()\fR were added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 index e2a58cd..2215cf6 100644 --- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:37 2002 +.\" Mon Jan 13 19:27:55 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_load_crypto_strings 3" -.TH ERR_load_crypto_strings 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_load_crypto_strings 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \- diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 index 802da11..c997831 100644 --- a/secure/lib/libcrypto/man/ERR_load_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_strings.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:38 2002 +.\" Mon Jan 13 19:27:56 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_load_strings 3" -.TH ERR_load_strings 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_load_strings 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_load_strings, \s-1ERR_PACK\s0, ERR_get_next_error_library \- load diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 index cd6f53a..2929461 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/ERR_print_errors.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:38 2002 +.\" Mon Jan 13 19:27:57 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_print_errors 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_print_errors, ERR_print_errors_fp \- print error messages diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 index 91ebc96..23ebd97 100644 --- a/secure/lib/libcrypto/man/ERR_put_error.3 +++ b/secure/lib/libcrypto/man/ERR_put_error.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:39 2002 +.\" Mon Jan 13 19:27:58 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_put_error 3" -.TH ERR_put_error 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_put_error 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_put_error, ERR_add_error_data \- record an error diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 index a6a23fe..64bd2aa 100644 --- a/secure/lib/libcrypto/man/ERR_remove_state.3 +++ b/secure/lib/libcrypto/man/ERR_remove_state.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:39 2002 +.\" Mon Jan 13 19:27:59 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_remove_state 3" -.TH ERR_remove_state 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH ERR_remove_state 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_remove_state \- free a thread's error queue diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3 new file mode 100644 index 0000000..46fa6e7 --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:01 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "EVP_BytesToKey 3" +.TH EVP_BytesToKey 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +.Vb 1 +\& EVP_BytesToKey - password based encryption routine +.Ve +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 4 +\& int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, +\& const unsigned char *salt, +\& const unsigned char *data, int datal, int count, +\& unsigned char *key,unsigned char *iv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is +the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. +The \fBsalt\fR paramter is used as a salt in the derivation: it should point to +an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing +\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the +iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR +and \fBiv\fR respectively. +.SH "NOTES" +.IX Header "NOTES" +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the \fBdata\fR parameter. +.PP +Increasing the \fBcount\fR parameter slows down the algorithm which makes it +harder for an attacker to peform a brute force attack using a large number +of candidate passwords. +.PP +If the total key and \s-1IV\s0 length is less than the digest length and +\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 +otherwise a non standard extension is used to derive the extra data. +.PP +Newer applications should use more standard algorithms such as PKCS#5 +v2.0 for key derivation. +.SH "KEY DERIVATION ALGORITHM" +.IX Header "KEY DERIVATION ALGORITHM" +The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until +enough data is available for the key and \s-1IV\s0. D_i is defined as: +.PP +.Vb 1 +\& D_i = HASH^count(D_(i-1) || data || salt) +.Ve +where || denotes concatentaion, D_0 is empty, \s-1HASH\s0 is the digest +algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) +is HASH(HASH(data)) and so on. +.PP +The initial bytes are used for the key and the subsequent bytes for +the \s-1IV\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +evp(3), rand(3), +EVP_EncryptInit(3), +.SH "HISTORY" +.IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 index e521c2e..ec683f0 100644 --- a/secure/lib/libcrypto/man/EVP_DigestInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:40 2002 +.\" Mon Jan 13 19:28:02 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,12 +138,13 @@ .\" ====================================================================== .\" .IX Title "EVP_DigestInit 3" -.TH EVP_DigestInit 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH EVP_DigestInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal, \s-1EVP_MAX_MD_SIZE\s0, -EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, -EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, +EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, +EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, \s-1EVP_MAX_MD_SIZE\s0, +EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, +EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \- \&\s-1EVP\s0 digest routines @@ -152,18 +153,34 @@ EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \- .Vb 1 \& #include <openssl/evp.h> .Ve +.Vb 2 +\& void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +\& EVP_MD_CTX *EVP_MD_CTX_create(void); +.Ve .Vb 4 -\& void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); -\& void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); -\& void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, +\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, \& unsigned int *s); .Ve +.Vb 2 +\& int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); +.Ve .Vb 1 -\& #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ +\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); +.Ve +.Vb 3 +\& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +\& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, +\& unsigned int *s); .Ve .Vb 1 \& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); .Ve +.Vb 1 +\& #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ +.Ve .Vb 4 \& #define EVP_MD_type(e) ((e)->type) \& #define EVP_MD_pkey_type(e) ((e)->pkey_type) @@ -177,15 +194,15 @@ EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \- \& #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) .Ve .Vb 9 -\& EVP_MD *EVP_md_null(void); -\& EVP_MD *EVP_md2(void); -\& EVP_MD *EVP_md5(void); -\& EVP_MD *EVP_sha(void); -\& EVP_MD *EVP_sha1(void); -\& EVP_MD *EVP_dss(void); -\& EVP_MD *EVP_dss1(void); -\& EVP_MD *EVP_mdc2(void); -\& EVP_MD *EVP_ripemd160(void); +\& const EVP_MD *EVP_md_null(void); +\& const EVP_MD *EVP_md2(void); +\& const EVP_MD *EVP_md5(void); +\& const EVP_MD *EVP_sha(void); +\& const EVP_MD *EVP_sha1(void); +\& const EVP_MD *EVP_dss(void); +\& const EVP_MD *EVP_dss1(void); +\& const EVP_MD *EVP_mdc2(void); +\& const EVP_MD *EVP_ripemd160(void); .Ve .Vb 3 \& const EVP_MD *EVP_get_digestbyname(const char *name); @@ -196,25 +213,48 @@ EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \- .IX Header "DESCRIPTION" The \s-1EVP\s0 digest routines are a high level interface to message digests. .PP -\&\fIEVP_DigestInit()\fR initializes a digest context \fBctx\fR to use a digest -\&\fBtype\fR: this will typically be supplied by a function such as -\&\fIEVP_sha1()\fR. +\&\fIEVP_MD_CTX_init()\fR initializes digest contet \fBctx\fR. +.PP +\&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest contet. +.PP +\&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this +function. \fBtype\fR will typically be supplied by a functionsuch as \fIEVP_sha1()\fR. +If \fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used. .PP \&\fIEVP_DigestUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. This function can be called several times on the same \fBctx\fR to hash additional data. .PP -\&\fIEVP_DigestFinal()\fR retrieves the digest value from \fBctx\fR and places +\&\fIEVP_DigestFinal_ex()\fR retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the length of the digest) will be written to the integer at \fBs\fR, at most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. -After calling \fIEVP_DigestFinal()\fR no additional calls to \fIEVP_DigestUpdate()\fR -can be made, but \fIEVP_DigestInit()\fR can be called to initialize a new +After calling \fIEVP_DigestFinal_ex()\fR no additional calls to \fIEVP_DigestUpdate()\fR +can be made, but \fIEVP_DigestInit_ex()\fR can be called to initialize a new digest operation. .PP -\&\fIEVP_MD_CTX_copy()\fR can be used to copy the message digest state from +\&\fIEVP_MD_CTX_cleanup()\fR cleans up digest context \fBctx\fR, it should be called +after a digest context is no longer needed. +.PP +\&\fIEVP_MD_CTX_destroy()\fR cleans up digest context \fBctx\fR and frees up the +space allocated to it, it should be called only on a context created +using \fIEVP_MD_CTX_create()\fR. +.PP +\&\fIEVP_MD_CTX_copy_ex()\fR can be used to copy the message digest state from \&\fBin\fR to \fBout\fR. This is useful if large amounts of data are to be -hashed which only differ in the last few bytes. +hashed which only differ in the last few bytes. \fBout\fR must be initialized +before calling this function. +.PP +\&\fIEVP_DigestInit()\fR behaves in the same way as \fIEVP_DigestInit_ex()\fR except +the passed context \fBctx\fR does not have to be initialized, and it always +uses the default digest implementation. +.PP +\&\fIEVP_DigestFinal()\fR is similar to \fIEVP_DigestFinal_ex()\fR except the digest +contet \fBctx\fR is automatically cleaned up. +.PP +\&\fIEVP_MD_CTX_copy()\fR is similar to \fIEVP_MD_CTX_copy_ex()\fR except the destination +\&\fBout\fR does not have to be initialized. .PP \&\fIEVP_MD_size()\fR and \fIEVP_MD_CTX_size()\fR return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the @@ -252,9 +292,10 @@ an \s-1ASN1_OBJECT\s0 structure respectively. The digest table must be initializ using, for example, \fIOpenSSL_add_all_digests()\fR for these functions to work. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR do not return values. +\&\fIEVP_DigestInit_ex()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal_ex()\fR return 1 for +success and 0 for failure. .PP -\&\fIEVP_MD_CTX_copy()\fR returns 1 if successful or 0 for failure. +\&\fIEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure. .PP \&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none exists. @@ -277,6 +318,19 @@ transparent to the digest used and much more flexible. .PP \&\s-1SHA1\s0 is the digest of choice for new applications. The other digest algorithms are still in common use. +.PP +For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be +set to \s-1NULL\s0 to use the default digest implementation. +.PP +The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are +obsolete but are retained to maintain compatibility with existing code. New +applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and +\&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context +instead of initializing and cleaning it up on each call and allow non default +implementations of digests to be specified. +.PP +In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use +memory leaks will occur. .SH "EXAMPLE" .IX Header "EXAMPLE" This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the @@ -314,11 +368,13 @@ digest name passed on the command line. \& exit(1); \& } .Ve -.Vb 4 -\& EVP_DigestInit(&mdctx, md); +.Vb 6 +\& EVP_MD_CTX_init(&mdctx); +\& EVP_DigestInit_ex(&mdctx, md, NULL); \& EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); \& EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); -\& EVP_DigestFinal(&mdctx, md_value, &md_len); +\& EVP_DigestFinal_ex(&mdctx, md_value, &md_len); +\& EVP_MD_CTX_cleanup(&mdctx); .Ve .Vb 4 \& printf("Digest is: "); @@ -328,16 +384,9 @@ digest name passed on the command line. .Ve .SH "BUGS" .IX Header "BUGS" -Several of the functions do not return values: maybe they should. Although the -internal digest operations will never fail some future hardware based operations -might. -.PP The link between digests and signing algorithms results in a situation where \&\fIEVP_sha1()\fR must be used with \s-1RSA\s0 and \fIEVP_dss1()\fR must be used with \s-1DSS\s0 even though they are identical digests. -.PP -The size of an \fB\s-1EVP_MD_CTX\s0\fR structure is determined at compile time: this results -in code that must be recompiled if the size of \fB\s-1EVP_MD_CTX\s0\fR increases. .SH "SEE ALSO" .IX Header "SEE ALSO" evp(3), hmac(3), md2(3), @@ -347,3 +396,11 @@ sha(3), dgst(1) .IX Header "HISTORY" \&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR are available in all versions of SSLeay and OpenSSL. +.PP +\&\fIEVP_MD_CTX_init()\fR, \fIEVP_MD_CTX_create()\fR, \fIEVP_MD_CTX_copy_ex()\fR, +\&\fIEVP_MD_CTX_cleanup()\fR, \fIEVP_MD_CTX_destroy()\fR, \fIEVP_DigestInit_ex()\fR +and \fIEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7. +.PP +\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, +\&\fIEVP_dss()\fR, \fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR were +changed to return truely const \s-1EVP_MD\s0 * in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 index cfab0cc..fd8d428 100644 --- a/secure/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:41 2002 +.\" Mon Jan 13 19:28:03 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,50 +138,76 @@ .\" ====================================================================== .\" .IX Title "EVP_EncryptInit 3" -.TH EVP_EncryptInit 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH EVP_EncryptInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal, EVP_DecryptInit, -EVP_DecryptUpdate, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherUpdate, -EVP_CipherFinal, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, -EVP_CIPHER_CTX_cleanup, EVP_get_cipherbyname, EVP_get_cipherbynid, -EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size, -EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags, -EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid, -EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, -EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, -EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, -EVP_CIPHER_asn1_to_param \- \s-1EVP\s0 cipher routines +EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate, +EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, +EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, +EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, +EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit, +EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, +EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, +EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, +EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, +EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, +EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, +EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, +EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, +EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, +EVP_CIPHER_CTX_set_padding \- \s-1EVP\s0 cipher routines .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/evp.h> .Ve +.Vb 1 +\& int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); +.Ve .Vb 6 -\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& unsigned char *key, unsigned char *iv); +\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, unsigned char *key, unsigned char *iv); \& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, \& int *outl, unsigned char *in, int inl); -\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, \& int *outl); .Ve .Vb 6 -\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& unsigned char *key, unsigned char *iv); +\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, unsigned char *key, unsigned char *iv); \& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, \& int *outl, unsigned char *in, int inl); -\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, +\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, \& int *outl); .Ve .Vb 6 -\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& unsigned char *key, unsigned char *iv, int enc); +\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, unsigned char *key, unsigned char *iv, int enc); \& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, \& int *outl, unsigned char *in, int inl); +\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, +\& int *outl); +.Ve +.Vb 4 +\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char *key, unsigned char *iv); +\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl); +.Ve +.Vb 4 +\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char *key, unsigned char *iv); +\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, +\& int *outl); +.Ve +.Vb 4 +\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char *key, unsigned char *iv, int enc); \& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, \& int *outl); .Ve -.Vb 3 +.Vb 4 +\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); \& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); \& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); \& int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); @@ -221,14 +247,19 @@ EVP_CIPHER_asn1_to_param \- \s-1EVP\s0 cipher routines The \s-1EVP\s0 cipher routines are a high level interface to certain symmetric ciphers. .PP -\&\fIEVP_EncryptInit()\fR initializes a cipher context \fBctx\fR for encryption -with cipher \fBtype\fR. \fBtype\fR is normally supplied by a function such -as \fIEVP_des_cbc()\fR . \fBkey\fR is the symmetric key to use and \fBiv\fR is the -\&\s-1IV\s0 to use (if necessary), the actual number of bytes used for the -key and \s-1IV\s0 depends on the cipher. It is possible to set all parameters -to \s-1NULL\s0 except \fBtype\fR in an initial call and supply the remaining -parameters in subsequent calls, all of which have \fBtype\fR set to \s-1NULL\s0. -This is done when the default cipher parameters are not appropriate. +\&\fIEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR. +.PP +\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption +with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized +before calling this function. \fBtype\fR is normally supplied +by a function such as \fIEVP_des_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the +default implementation is used. \fBkey\fR is the symmetric key to use +and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes +used for the key and \s-1IV\s0 depends on the cipher. It is possible to set +all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply +the remaining parameters in subsequent calls, all of which have \fBtype\fR +set to \s-1NULL\s0. This is done when the default cipher parameters are not +appropriate. .PP \&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and writes the encrypted version to \fBout\fR. This function can be called @@ -236,32 +267,49 @@ multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data: as a result the amount of data written may be anything from zero bytes to (inl + cipher_block_size \- 1) so \fBoutl\fR should contain sufficient -room. The actual number of bytes written is placed in \fBoutl\fR. +room. The actual number of bytes written is placed in \fBoutl\fR. +.PP +If padding is enabled (the default) then \fIEVP_EncryptFinal_ex()\fR encrypts +the \*(L"final\*(R" data, that is any data that remains in a partial block. +It uses standard block padding (aka \s-1PKCS\s0 padding). The encrypted +final data is written to \fBout\fR which should have sufficient space for +one cipher block. The number of bytes written is placed in \fBoutl\fR. After +this function is called the encryption operation is finished and no further +calls to \fIEVP_EncryptUpdate()\fR should be made. .PP -\&\fIEVP_EncryptFinal()\fR encrypts the \*(L"final\*(R" data, that is any data that -remains in a partial block. It uses standard block padding (aka \s-1PKCS\s0 -padding). The encrypted final data is written to \fBout\fR which should -have sufficient space for one cipher block. The number of bytes written -is placed in \fBoutl\fR. After this function is called the encryption operation -is finished and no further calls to \fIEVP_EncryptUpdate()\fR should be made. +If padding is disabled then \fIEVP_EncryptFinal_ex()\fR will not encrypt any more +data and it will return an error if any data remains in a partial block: +that is if the total data length is not a multiple of the block size. .PP -\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR are the +\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal_ex()\fR are the corresponding decryption operations. \fIEVP_DecryptFinal()\fR will return an -error code if the final block is not correctly formatted. The parameters -and restrictions are identical to the encryption operations except that -the decrypted data buffer \fBout\fR passed to \fIEVP_DecryptUpdate()\fR should -have sufficient room for (\fBinl\fR + cipher_block_size) bytes unless the -cipher block size is 1 in which case \fBinl\fR bytes is sufficient. -.PP -\&\fIEVP_CipherInit()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal()\fR are functions -that can be used for decryption or encryption. The operation performed -depends on the value of the \fBenc\fR parameter. It should be set to 1 for -encryption, 0 for decryption and \-1 to leave the value unchanged (the -actual value of 'enc' being supplied in a previous call). -.PP -\&\fIEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context. -It should be called after all operations using a cipher are complete -so sensitive information does not remain in memory. +error code if padding is enabled and the final block is not correctly +formatted. The parameters and restrictions are identical to the encryption +operations except that if padding is enabled the decrypted data buffer \fBout\fR +passed to \fIEVP_DecryptUpdate()\fR should have sufficient room for +(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in +which case \fBinl\fR bytes is sufficient. +.PP +\&\fIEVP_CipherInit_ex()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal_ex()\fR are +functions that can be used for decryption or encryption. The operation +performed depends on the value of the \fBenc\fR parameter. It should be set +to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged +(the actual value of 'enc' being supplied in a previous call). +.PP +\&\fIEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context +and free up any allocated memory associate with it. It should be called +after all operations using a cipher are complete so sensitive information +does not remain in memory. +.PP +\&\fIEVP_EncryptInit()\fR, \fIEVP_DecryptInit()\fR and \fIEVP_CipherInit()\fR behave in a +similar way to \fIEVP_EncryptInit_ex()\fR, EVP_DecryptInit_ex and +\&\fIEVP_CipherInit_ex()\fR except the \fBctx\fR paramter does not need to be +initialized and they always use the default cipher implementation. +.PP +\&\fIEVP_EncryptFinal()\fR, \fIEVP_DecryptFinal()\fR and \fIEVP_CipherFinal()\fR behave in a +similar way to \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal_ex()\fR and +\&\fIEVP_CipherFinal_ex()\fR except \fBctx\fR is automatically cleaned up +after the call. .PP \&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an @@ -272,6 +320,13 @@ passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The value is an internal value which may not have a corresponding \s-1OBJECT\s0 \&\s-1IDENTIFIER\s0. .PP +\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default +encryption operations are padded using standard block padding and the +padding is checked and removed when decrypting. If the \fBpad\fR parameter +is zero then no padding is performed, the total amount of data encrypted +or decrypted must then be a multiple of the block size or an error will +occur. +.PP \&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length @@ -331,14 +386,14 @@ and set. Currently only the \s-1RC2\s0 effective key length and the number of ro \&\s-1RC5\s0 can be set. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_EncryptInit()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR return 1 for success -and 0 for failure. +EVP_CIPHER_CTX_init, \fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and +\&\fIEVP_EncryptFinal_ex()\fR return 1 for success and 0 for failure. .PP -\&\fIEVP_DecryptInit()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. -\&\fIEVP_DecryptFinal()\fR returns 0 if the decrypt failed or 1 for success. +\&\fIEVP_DecryptInit_ex()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. +\&\fIEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. .PP -\&\fIEVP_CipherInit()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure. -\&\fIEVP_CipherFinal()\fR returns 0 for a decryption failure or 1 for success. +\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure. +\&\fIEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. .PP \&\fIEVP_CIPHER_CTX_cleanup()\fR returns 1 for success and 0 for failure. .PP @@ -353,6 +408,8 @@ size. \&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key length. .PP +\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1. +.PP \&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 length or zero if the cipher does not use an \s-1IV\s0. .PP @@ -428,24 +485,25 @@ encrypted then 5 padding bytes of value 5 will be added. .PP When decrypting the final block is checked to see if it has the correct form. .PP -Although the decryption operation can produce an error, it is not a strong -test that the input data or key is correct. A random block has better than -1 in 256 chance of being of the correct format and problems with the -input data earlier on will not produce a final decrypt error. -.PP -The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptUpdate()\fR, \fIEVP_EncryptFinal()\fR, -\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptUpdate()\fR, \fIEVP_CipherInit()\fR and \fIEVP_CipherUpdate()\fR -and \fIEVP_CIPHER_CTX_cleanup()\fR did not return errors in OpenSSL version 0.9.5a or -earlier. Software only versions of encryption algorithms will never return -error codes for these functions, unless there is a programming error (for example -and attempt to set the key before the cipher is set in \fIEVP_EncryptInit()\fR ). +Although the decryption operation can produce an error if padding is enabled, +it is not a strong test that the input data or key is correct. A random block +has better than 1 in 256 chance of being of the correct format and problems with +the input data earlier on will not produce a final decrypt error. +.PP +If padding is disabled then the decryption operation will always succeed if +the total amount of data decrypted is a multiple of the block size. +.PP +The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptFinal()\fR, \fIEVP_DecryptInit()\fR, +\&\fIEVP_CipherInit()\fR and \fIEVP_CipherFinal()\fR are obsolete but are retained for +compatibility with existing code. New code should use \fIEVP_EncryptInit_ex()\fR, +\&\fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, +\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherFinal_ex()\fR because they can reuse an +existing context without allocating and freeing it up on each call. .SH "BUGS" .IX Header "BUGS" For \s-1RC5\s0 the number of rounds can currently only be set to 8, 12 or 16. This is a limitation of the current \s-1RC5\s0 code rather than the \s-1EVP\s0 interface. .PP -It should be possible to disable \s-1PKCS\s0 padding: currently it isn't. -.PP \&\s-1EVP_MAX_KEY_LENGTH\s0 and \s-1EVP_MAX_IV_LENGTH\s0 only refer to the internal ciphers with default key lengths. If custom ciphers exceed these values the results are unpredictable. This is because it has become standard practice to define a @@ -459,28 +517,128 @@ Get the number of rounds used in \s-1RC5:\s0 .PP .Vb 2 \& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &i); +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds); .Ve Get the \s-1RC2\s0 effective key length: .PP .Vb 2 \& int key_bits; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); .Ve Set the number of rounds used in \s-1RC5:\s0 .PP .Vb 2 \& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, i, NULL); +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); .Ve -Set the number of rounds used in \s-1RC2:\s0 +Set the effective key length used in \s-1RC2:\s0 .PP .Vb 2 -\& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, i, NULL); +\& int key_bits; +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); +.Ve +Encrypt a string using blowfish: +.PP +.Vb 14 +\& int do_crypt(char *outfile) +\& { +\& unsigned char outbuf[1024]; +\& int outlen, tmplen; +\& /* Bogus key and IV: we'd normally set these from +\& * another source. +\& */ +\& unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; +\& unsigned char iv[] = {1,2,3,4,5,6,7,8}; +\& char intext[] = "Some Crypto Text"; +\& EVP_CIPHER_CTX ctx; +\& FILE *out; +\& EVP_CIPHER_CTX_init(&ctx); +\& EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); +.Ve +.Vb 25 +\& if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) +\& { +\& /* Error */ +\& return 0; +\& } +\& /* Buffer passed to EVP_EncryptFinal() must be after data just +\& * encrypted to avoid overwriting it. +\& */ +\& if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) +\& { +\& /* Error */ +\& return 0; +\& } +\& outlen += tmplen; +\& EVP_CIPHER_CTX_cleanup(&ctx); +\& /* Need binary mode for fopen because encrypted data is +\& * binary data. Also cannot use strlen() on it because +\& * it wont be null terminated and may contain embedded +\& * nulls. +\& */ +\& out = fopen(outfile, "wb"); +\& fwrite(outbuf, 1, outlen, out); +\& fclose(out); +\& return 1; +\& } +.Ve +The ciphertext from the above example can be decrypted using the \fBopenssl\fR +utility with the command line: +.PP +.Vb 1 +\& S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d> +.Ve +General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC2\s0 with an +80 bit key: +.PP +.Vb 16 +\& int do_crypt(FILE *in, FILE *out, int do_encrypt) +\& { +\& /* Allow enough space in output buffer for additional block */ +\& inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; +\& int inlen, outlen; +\& /* Bogus key and IV: we'd normally set these from +\& * another source. +\& */ +\& unsigned char key[] = "0123456789"; +\& unsigned char iv[] = "12345678"; +\& /* Don't set key or IV because we will modify the parameters */ +\& EVP_CIPHER_CTX_init(&ctx); +\& EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt); +\& EVP_CIPHER_CTX_set_key_length(&ctx, 10); +\& /* We finished modifying parameters so now we can set key and IV */ +\& EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt); +.Ve +.Vb 17 +\& for(;;) +\& { +\& inlen = fread(inbuf, 1, 1024, in); +\& if(inlen <= 0) break; +\& if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen)) +\& { +\& /* Error */ +\& return 0; +\& } +\& fwrite(outbuf, 1, outlen, out); +\& } +\& if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) +\& { +\& /* Error */ +\& return 0; +\& } +\& fwrite(outbuf, 1, outlen, out); +.Ve +.Vb 3 +\& EVP_CIPHER_CTX_cleanup(&ctx); +\& return 1; +\& } .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" evp(3) .SH "HISTORY" .IX Header "HISTORY" +\&\fIEVP_CIPHER_CTX_init()\fR, \fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptFinal_ex()\fR, +\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, \fIEVP_CipherInit_ex()\fR, +\&\fIEVP_CipherFinal_ex()\fR and \fIEVP_CIPHER_CTX_set_padding()\fR appeared in +OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 index 8b1de4d..d873c12 100644 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/EVP_OpenInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:41 2002 +.\" Mon Jan 13 19:28:05 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "EVP_OpenInit 3" -.TH EVP_OpenInit 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH EVP_OpenInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- \s-1EVP\s0 envelope decryption diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3 new file mode 100644 index 0000000..742e5e4 --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:06 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "EVP_PKEY_new 3" +.TH EVP_PKEY_new 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 2 +\& EVP_PKEY *EVP_PKEY_new(void); +\& void EVP_PKEY_free(EVP_PKEY *key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR +structure which is used by OpenSSL to store private keys. +.PP +\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions +which require a general private key without reference to any +particular algorithm. +.PP +The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a +private key to this empty structure the functions described in +EVP_PKEY_set1_RSA(3) should be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR +structure of \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIEVP_PKEY_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +EVP_PKEY_set1_RSA(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 new file mode 100644 index 0000000..3a5a958 --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:07 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "EVP_PKEY_set1_RSA 3" +.TH EVP_PKEY_set1_RSA 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, +EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, +EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, +EVP_PKEY_type \- \s-1EVP_PKEY\s0 assignment functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 4 +\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key); +\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key); +\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key); +\& int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key); +.Ve +.Vb 4 +\& RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +\& DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +\& DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +.Ve +.Vb 4 +\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key); +\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key); +\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key); +\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key); +.Ve +.Vb 1 +\& int EVP_PKEY_type(int type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and +\&\fIEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR. +.PP +\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and +\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or +\&\fB\s-1NULL\s0\fR if the key is not of the correct type. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +and \fIEVP_PKEY_assign_EC_KEY()\fR also set the referenced key to \fBkey\fR +however these use the supplied \fBkey\fR internally and so \fBkey\fR +will be freed when the parent \fBpkey\fR is freed. +.PP +\&\fIEVP_PKEY_type()\fR returns the type of key corresponding to the value +\&\fBtype\fR. The type of a key can be obtained with +EVP_PKEY_type(pkey->type). The return value will be \s-1EVP_PKEY_RSA\s0, +\&\s-1EVP_PKEY_DSA\s0, \s-1EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding +key types or NID_undef if the key type is unassigned. +.SH "NOTES" +.IX Header "NOTES" +In accordance with the OpenSSL naming convention the key obtained +from or assigned to the \fBpkey\fR using the \fB1\fR functions must be +freed as well as \fBpkey\fR. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +\&\fIEVP_PKEY_assign_EC_KEY()\fR are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and +\&\fIEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. +.PP +\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and +\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +and \fIEVP_PKEY_assign_EC_KEY()\fR return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +EVP_PKEY_new(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 index 970b98f..f2f0f21 100644 --- a/secure/lib/libcrypto/man/EVP_SealInit.3 +++ b/secure/lib/libcrypto/man/EVP_SealInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:42 2002 +.\" Mon Jan 13 19:28:08 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "EVP_SealInit 3" -.TH EVP_SealInit 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH EVP_SealInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- \s-1EVP\s0 envelope encryption @@ -209,3 +209,4 @@ EVP_EncryptInit(3), EVP_OpenInit(3) .SH "HISTORY" .IX Header "HISTORY" +\&\fIEVP_SealFinal()\fR did not return a value before OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 index 3644176..88a56a0 100644 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/EVP_SignInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:43 2002 +.\" Mon Jan 13 19:28:10 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "EVP_SignInit 3" -.TH EVP_SignInit 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH EVP_SignInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions @@ -148,11 +148,14 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions \& #include <openssl/evp.h> .Ve .Vb 3 -\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); -\& void EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); \& int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey); .Ve .Vb 1 +\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve +.Vb 1 \& int EVP_PKEY_size(EVP_PKEY *pkey); .Ve .SH "DESCRIPTION" @@ -160,9 +163,9 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions The \s-1EVP\s0 signature routines are a high level interface to digital signatures. .PP -\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to using digest -\&\fBtype\fR: this will typically be supplied by a function such as -\&\fIEVP_sha1()\fR. +\&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized with +\&\fIEVP_MD_CTX_init()\fR before calling this function. .PP \&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the signature context \fBctx\fR. This function can be called several times on the @@ -172,17 +175,17 @@ same \fBctx\fR to include additional data. and places the signature in \fBsig\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the length of the signature) will be written to the integer at \fBs\fR, at most EVP_PKEY_size(pkey) bytes -will be written. After calling \fIEVP_SignFinal()\fR no additional calls to -\&\fIEVP_SignUpdate()\fR can be made, but \fIEVP_SignInit()\fR can be called to initialize -a new signature operation. +will be written. +.PP +\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default +implementation of digest \fBtype\fR. .PP \&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual signature returned by \fIEVP_SignFinal()\fR may be smaller. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_SignInit()\fR and \fIEVP_SignUpdate()\fR do not return values. -.PP -\&\fIEVP_SignFinal()\fR returns 1 for success and 0 for failure. +\&\fIEVP_SignInit_ex()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR return 1 +for success and 0 for failure. .PP \&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. .PP @@ -201,11 +204,18 @@ EVP_DigestInit(3). When signing with \s-1DSA\s0 private keys the random number generator must be seeded or the operation will fail. The random number generator does not need to be seeded for \s-1RSA\s0 signatures. +.PP +The call to \fIEVP_SignFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR can be called +later to digest and sign additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak +will occur. .SH "BUGS" .IX Header "BUGS" -Several of the functions do not return values: maybe they should. Although the -internal digest operations will never fail some future hardware based operations -might. +Older versions of this documentation wrongly stated that calls to +\&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" EVP_VerifyInit(3), @@ -217,3 +227,5 @@ sha(3), dgst(1) .IX Header "HISTORY" \&\fIEVP_SignInit()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR are available in all versions of SSLeay and OpenSSL. +.PP +\&\fIEVP_SignInit_ex()\fR was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 index 06d78c5..77bef3d 100644 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:43 2002 +.\" Mon Jan 13 19:28:11 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "EVP_VerifyInit 3" -.TH EVP_VerifyInit 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH EVP_VerifyInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verification functions @@ -148,29 +148,35 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verifi \& #include <openssl/evp.h> .Ve .Vb 3 -\& void EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); -\& void EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); \& int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); .Ve +.Vb 1 +\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1EVP\s0 signature verification routines are a high level interface to digital signatures. .PP -\&\fIEVP_VerifyInit()\fR initializes a verification context \fBctx\fR to using digest -\&\fBtype\fR: this will typically be supplied by a function such as \fIEVP_sha1()\fR. +\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized by calling +\&\fIEVP_MD_CTX_init()\fR before calling this function. .PP \&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the verification context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. .PP \&\fIEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR -and against the \fBsiglen\fR bytes at \fBsigbuf\fR. After calling \fIEVP_VerifyFinal()\fR -no additional calls to \fIEVP_VerifyUpdate()\fR can be made, but \fIEVP_VerifyInit()\fR -can be called to initialize a new verification operation. +and against the \fBsiglen\fR bytes at \fBsigbuf\fR. +.PP +\&\fIEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default +implementation of digest \fBtype\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_VerifyInit()\fR and \fIEVP_VerifyUpdate()\fR do not return values. +\&\fIEVP_VerifyInit_ex()\fR and \fIEVP_VerifyUpdate()\fR return 1 for success and 0 for +failure. .PP \&\fIEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some other error occurred. @@ -186,11 +192,18 @@ Due to the link between message digests and public key algorithms the correct digest algorithm must be used with the correct public key type. A list of algorithms and associated public key algorithms appears in EVP_DigestInit(3). +.PP +The call to \fIEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called +later to digest and verify additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak +will occur. .SH "BUGS" .IX Header "BUGS" -Several of the functions do not return values: maybe they should. Although the -internal digest operations will never fail some future hardware based operations -might. +Older versions of this documentation wrongly stated that calls to +\&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" evp(3), @@ -203,3 +216,5 @@ sha(3), dgst(1) .IX Header "HISTORY" \&\fIEVP_VerifyInit()\fR, \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR are available in all versions of SSLeay and OpenSSL. +.PP +\&\fIEVP_VerifyInit_ex()\fR was added in OpenSSL 0.9.7 diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3 new file mode 100644 index 0000000..3b693a2 --- /dev/null +++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3 @@ -0,0 +1,292 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:12 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "OBJ_nid2obj 3" +.TH OBJ_nid2obj 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, +OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup \- \s-1ASN1\s0 object utility +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& ASN1_OBJECT * OBJ_nid2obj(int n); +\& const char * OBJ_nid2ln(int n); +\& const char * OBJ_nid2sn(int n); +.Ve +.Vb 3 +\& int OBJ_obj2nid(const ASN1_OBJECT *o); +\& int OBJ_ln2nid(const char *ln); +\& int OBJ_sn2nid(const char *sn); +.Ve +.Vb 1 +\& int OBJ_txt2nid(const char *s); +.Ve +.Vb 2 +\& ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name); +\& int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +.Ve +.Vb 2 +\& int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); +\& ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o); +.Ve +.Vb 2 +\& int OBJ_create(const char *oid,const char *sn,const char *ln); +\& void OBJ_cleanup(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are +a representation of the \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (\s-1OID\s0) type. +.PP +\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to +an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, +or \fB\s-1NULL\s0\fR is an error occurred. +.PP +\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 +for the object \fBo\fR, the long name <ln> or the short name <sn> respectively +or NID_undef if an error occurred. +.PP +\&\fIOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string <s>. \fBs\fR can be +a long name, a short name or the numerical respresentation of an object. +.PP +\&\fIOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure. +If \fBno_name\fR is 0 then long names and short names will be interpreted +as well as numerical forms. If \fBno_name\fR is 1 only the numerical form +is acceptable. +.PP +\&\fIOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation. +The representation is written as a null terminated string to \fBbuf\fR +at most \fBbuf_len\fR bytes are written, truncating the result if necessary. +The total amount of space required is returned. If \fBno_name\fR is 0 then +if the object has a long or short name then that will be used, otherwise +the numerical form will be used. If \fBno_name\fR is 1 then the numerical +form will always be used. +.PP +\&\fIOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned. +.PP +\&\fIOBJ_dup()\fR returns a copy of \fBo\fR. +.PP +\&\fIOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the +numerical form of the object, \fBsn\fR the short name and \fBln\fR the +long name. A new \s-1NID\s0 is returned for the created object. +.PP +\&\fIOBJ_cleanup()\fR cleans up OpenSSLs internal object table: this should +be called before an application exits if any new objects were added +using \fIOBJ_create()\fR. +.SH "NOTES" +.IX Header "NOTES" +Objects in OpenSSL can have a short name, a long name and a numerical +identifier (\s-1NID\s0) associated with them. A standard set of objects is +represented in an internal table. The appropriate values are defined +in the header file \fBobjects.h\fR. +.PP +For example the \s-1OID\s0 for commonName has the following definitions: +.PP +.Vb 3 +\& #define SN_commonName "CN" +\& #define LN_commonName "commonName" +\& #define NID_commonName 13 +.Ve +New objects can be added by calling \fIOBJ_create()\fR. +.PP +Table objects have certain advantages over other objects: for example +their NIDs can be used in a C language switch statement. They are +also static constant structures which are shared: that is there +is only a single constant structure for each table object. +.PP +Objects which are not in the table have the \s-1NID\s0 value NID_undef. +.PP +Objects do not need to be in the internal tables to be processed, +the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical +form of an \s-1OID\s0. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an object for \fBcommonName\fR: +.PP +.Vb 2 +\& ASN1_OBJECT *o; +\& o = OBJ_nid2obj(NID_commonName); +.Ve +Check if an object is \fBcommonName\fR +.PP +.Vb 2 +\& if (OBJ_obj2nid(obj) == NID_commonName) +\& /* Do something */ +.Ve +Create a new \s-1NID\s0 and initialize an object from it: +.PP +.Vb 3 +\& int new_nid; +\& ASN1_OBJECT *obj; +\& new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); +.Ve +.Vb 1 +\& obj = OBJ_nid2obj(new_nid); +.Ve +Create a new object directly: +.PP +.Vb 1 +\& obj = OBJ_txt2obj("1.2.3.4", 1); +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fIOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the +convention of other OpenSSL functions where the buffer can be set +to \fB\s-1NULL\s0\fR to determine the amount of data that should be written. +Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should +be set to a positive value. A buffer length of 80 should be more +than enough to handle any \s-1OID\s0 encountered in practice. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR +on error. +.PP +\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR and \fIOBJ_txt2nid()\fR return +a \s-1NID\s0 or \fBNID_undef\fR on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 index 61938c4..ab77dfe 100644 --- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:44 2002 +.\" Mon Jan 13 19:28:13 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1OPENSSL_VERSION_NUMBER\s0, SSLeay, SSLeay_version \- get OpenSSL version number @@ -211,6 +211,10 @@ or \*(L"built on: date not available\*(R" otherwise. .IX Item "SSLEAY_PLATFORM" The \*(L"Configure\*(R" target of the library build in the form \*(L"platform: ...\*(R" if available or \*(L"platform: information not available\*(R" otherwise. +.Ip "\s-1SSLEAY_DIR\s0" 4 +.IX Item "SSLEAY_DIR" +The \*(L"\s-1OPENSSLDIR\s0\*(R" setting of the library build in the form \*(L"\s-1OPENSSLDIR:\s0 \*(R"..."\*(L" +if available or \*(R"\s-1OPENSSLDIR:\s0 N/A" otherwise. .PP For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned. .SH "RETURN VALUE" @@ -223,3 +227,4 @@ crypto(3) .IX Header "HISTORY" \&\fISSLeay()\fR and \s-1SSLEAY_VERSION_NUMBER\s0 are available in all versions of SSLeay and OpenSSL. \&\s-1OPENSSL_VERSION_NUMBER\s0 is available in all versions of OpenSSL. +\&\fB\s-1SSLEAY_DIR\s0\fR was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 index 575f328..1ae39b4 100644 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:44 2002 +.\" Mon Jan 13 19:28:15 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "OpenSSL_add_all_algorithms 3" -.TH OpenSSL_add_all_algorithms 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH OpenSSL_add_all_algorithms 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \- diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3 new file mode 100644 index 0000000..424a067 --- /dev/null +++ b/secure/lib/libcrypto/man/PKCS12_create.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:16 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS12_create 3" +.TH PKCS12_create 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +PKCS12_create \- create a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/pkcs12.h> +.Ve +.Vb 2 +\& PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, +\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_create()\fR creates a PKCS#12 structure. +.PP +\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for +the supplied certifictate and key. \fBpkey\fR is the private key to include in +the structure and \fBcert\fR its corresponding certificates. \fBca\fR, if not \fB\s-1NULL\s0\fR +is an optional set of certificates to also include in the structure. +.PP +\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used +for the key and certificate respectively. \fBiter\fR is the encryption algorithm +iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use. +\&\fBkeytype\fR is the type of key. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR +can all be set to zero and sensible defaults will be used. +.PP +These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0 +encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0 +(currently 2048) and a \s-1MAC\s0 iteration count of 1. +.PP +The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with +old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility +is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER\s0. +.PP +\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension +that is only currently interpreted by \s-1MSIE\s0. If set to zero the flag is omitted, +if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR +it can be used for signing and encryption. This option was useful for old +export grade software which could use signing only keys of arbitrary size but +had restrictions on the permissible sizes of keys which could be used for +encryption. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_PKCS12(3) +.SH "HISTORY" +.IX Header "HISTORY" +PKCS12_create was added in OpenSSL 0.9.3 diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3 new file mode 100644 index 0000000..167bab6 --- /dev/null +++ b/secure/lib/libcrypto/man/PKCS12_parse.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:17 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS12_parse 3" +.TH PKCS12_parse 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +PKCS12_parse \- parse a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/pkcs12.h> +.Ve +int PKCS12_parse(\s-1PKCS12\s0 *p12, const char *pass, \s-1EVP_PKEY\s0 **pkey, X509 **cert, STACK_OF(X509) **ca); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. +.PP +\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use. +If successful the private key will be written to \fB*pkey\fR, the corresponding +certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> +in which case additional certificates will be discarded. \fB*ca\fR can also +be a valid \s-1STACK\s0 in which case additional certificates are appended to +\&\fB*ca\fR. If \fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated. +.PP +The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each certificate +will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the \fBX509\fR structure. +.SH "BUGS" +.IX Header "BUGS" +Only a single private key and corresponding certificate is returned by this function. +More complex PKCS#12 files with multiple private keys will only return the first +match. +.PP +Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in certificates. +Other attributes are discarded. +.PP +Attributes currently cannot be store in the private key \fB\s-1EVP_PKEY\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_PKCS12(3) +.SH "HISTORY" +.IX Header "HISTORY" +PKCS12_parse was added in OpenSSL 0.9.3 diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3 new file mode 100644 index 0000000..bf61e1d --- /dev/null +++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:18 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS7_decrypt 3" +.TH PKCS7_decrypt 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +int PKCS7_decrypt(\s-1PKCS7\s0 *p7, \s-1EVP_PKEY\s0 *pkey, X509 *cert, \s-1BIO\s0 *data, int flags); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData +structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the +recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +\&\fIOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this +function or errors about unknown algorithms will occur. +.PP +Although the recipients certificate is not needed to decrypt the data it is needed +to locate the appropriate (of possible several) recipients in the PKCS#7 structure. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +\&\fIPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would +be better if it could look up the correct key and certificate from a database. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), PKCS7_encrypt(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3 new file mode 100644 index 0000000..4661d33 --- /dev/null +++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:19 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS7_encrypt 3" +.TH PKCS7_encrypt 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +PKCS7_encrypt \- create a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\s-1PKCS7\s0 *PKCS7_encrypt(STACK_OF(X509) *certs, \s-1BIO\s0 *in, const \s-1EVP_CIPHER\s0 *cipher, int flags); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR +is a list of recipient certificates. \fBin\fR is the content to be encrypted. +\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient certificates +supplied to this function must all contain \s-1RSA\s0 public keys, though they do not have to +be signed using the \s-1RSA\s0 algorithm. +.PP +\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because +most clients will support it. +.PP +Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit +\&\s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively. +.PP +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its +parameters. +.PP +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +\&\fIPKCS7_encrypt()\fR. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required +by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This +option should be used if the supplied data is in binary format otherwise the translation +will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then \fB\s-1PKCS7_TEXT\s0\fR is ignored. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_encrypt()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "BUGS" +.IX Header "BUGS" +The lack of single pass processing and need to hold all data in memory as +mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), PKCS7_decrypt(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3 new file mode 100644 index 0000000..0ada49f --- /dev/null +++ b/secure/lib/libcrypto/man/PKCS7_sign.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:20 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS7_sign 3" +.TH PKCS7_sign 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +PKCS7_sign \- create a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\s-1PKCS7\s0 *PKCS7_sign(X509 *signcert, \s-1EVP_PKEY\s0 *pkey, STACK_OF(X509) *certs, \s-1BIO\s0 *data, int flags); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR +is the certificate to sign with, \fBpkey\fR is the corresponsding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the +PKCS#7 structure (for example any intermediate CAs in the chain). +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Any of the following flags (ored together) can be passed in the \fBflags\fR parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the \fBsigncert\fR +parameter though. This can reduce the size of the signature if the signers certificate +can be obtained by other means: for example a previously signed message. +.PP +The data being signed is included in the \s-1PKCS7\s0 structure, unless \fB\s-1PKCS7_DETACHED\s0\fR +is set in which case it is omitted. This is used for \s-1PKCS7\s0 detached signatures +which are used in S/MIME plaintext signed messages for example. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required +by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This +option should be used if the supplied data is in binary format otherwise the translation +will corrupt it. +.PP +The signedData structure includes several PKCS#7 autenticatedAttributes including +the signing time, the PKCS#7 content type and the supported list of ciphers in +an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no authenticatedAttributes +will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any +of these algorithms is disabled then it will not be included. +.SH "BUGS" +.IX Header "BUGS" +\&\fIPKCS7_sign()\fR is somewhat limited. It does not support multiple signers, some +advanced attributes such as counter signatures are not supported. +.PP +The \s-1SHA1\s0 digest algorithm is currently always used. +.PP +When the signed data is not detached it will be stored in memory within the +\&\fB\s-1PKCS7\s0\fR structure. This effectively limits the size of messages which can be +signed due to memory restraints. There should be a way to sign data without +having to hold it all in memory, this would however require fairly major +revisions of the OpenSSL \s-1ASN1\s0 code. +.PP +Clear text signing does not store the content in memory but the way \fIPKCS7_sign()\fR +operates means that two passes of the data must typically be made: one to compute +the signatures and a second to output the data along with the signature. There +should be a way to process the data with only a single pass. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), PKCS7_verify(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPKCS7_sign()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3 new file mode 100644 index 0000000..3a9b1b0 --- /dev/null +++ b/secure/lib/libcrypto/man/PKCS7_verify.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:22 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS7_verify 3" +.TH PKCS7_verify 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +PKCS7_verify \- verify a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +int PKCS7_verify(\s-1PKCS7\s0 *p7, STACK_OF(X509) *certs, X509_STORE *store, \s-1BIO\s0 *indata, \s-1BIO\s0 *out, int flags); +.PP +int PKCS7_get0_signers(\s-1PKCS7\s0 *p7, STACK_OF(X509) *certs, int flags); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 +structure to verify. \fBcerts\fR is a set of certificates in which to search for +the signer's certificate. \fBstore\fR is a trusted certficate store (used for +chain verification). \fBindata\fR is the signed data if the content is not +present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR +if it is not \s-1NULL\s0. +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.PP +\&\fIPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does +\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR +and \fBflags\fR parameters have the same meanings as in \fIPKCS7_verify()\fR. +.SH "VERIFY PROCESS" +.IX Header "VERIFY PROCESS" +Normally the verify process proceeds as follows. +.PP +Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must +be signedData. There must be at least one signature on the data and if +the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. +.PP +An attempt is made to locate all the signer's certificates, first looking in +the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates +contained in the \fBp7\fR structure itself. If any signer's certificates cannot be +located the operation fails. +.PP +Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If any chain verify fails an error code is returned. +.PP +Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and +the signature's checked. +.PP +If all signature's verify correctly then the function is successful. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR parameter +to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is +meaningful to \fIPKCS7_get0_signers()\fR. +.PP +If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signer's certificate. This means that all the signers +certificates must be in the \fBcerts\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.PP +If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified. +.PP +If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are +not used as untrusted CAs. This means that the whole verify chain (apart from +the signer's certificate) must be contained in the trusted store. +.PP +If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked. +.SH "NOTES" +.IX Header "NOTES" +One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the \fBcerts\fR parameter. In this case if the signer is not one of the +certificates supplied in \fBcerts\fR then the verify will fail because the +signer cannot be found. +.PP +Care should be taken when modifying the default verify behaviour, for example +setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification +and any signed message will be considered valid. This combination is however +useful if one merely wishes to write the content to \fBout\fR and its validity +is not considered important. +.PP +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_verify()\fR returns 1 for a successful verification and zero or a negative +value if an error occurs. +.PP +\&\fIPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. +.PP +The error can be obtained from ERR_get_error(3) +.SH "BUGS" +.IX Header "BUGS" +The trusted certificate store is not searched for the signers certificate, +this is primarily due to the inadequacies of the current \fBX509_STORE\fR +functionality. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), PKCS7_sign(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPKCS7_verify()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 index 15a7d91..7ece2c6 100644 --- a/secure/lib/libcrypto/man/RAND_add.3 +++ b/secure/lib/libcrypto/man/RAND_add.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:45 2002 +.\" Mon Jan 13 19:28:23 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_add 3" -.TH RAND_add 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RAND_add 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 index a3bd3fb..f635985 100644 --- a/secure/lib/libcrypto/man/RAND_bytes.3 +++ b/secure/lib/libcrypto/man/RAND_bytes.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:46 2002 +.\" Mon Jan 13 19:28:24 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_bytes 3" -.TH RAND_bytes 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RAND_bytes 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_bytes, RAND_pseudo_bytes \- generate random data @@ -174,7 +174,8 @@ functions return \-1 if they are not supported by the current \s-1RAND\s0 method. .SH "SEE ALSO" .IX Header "SEE ALSO" -rand(3), err(3), RAND_add(3) +rand(3), ERR_get_error(3), +RAND_add(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIRAND_bytes()\fR is available in all versions of SSLeay and OpenSSL. It diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 index 317e9d3..e6efbc3 100644 --- a/secure/lib/libcrypto/man/RAND_cleanup.3 +++ b/secure/lib/libcrypto/man/RAND_cleanup.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:46 2002 +.\" Mon Jan 13 19:28:25 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_cleanup 3" -.TH RAND_cleanup 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RAND_cleanup 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_cleanup \- erase the \s-1PRNG\s0 state diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 index d5f6284..b59d0e5 100644 --- a/secure/lib/libcrypto/man/RAND_egd.3 +++ b/secure/lib/libcrypto/man/RAND_egd.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:47 2002 +.\" Mon Jan 13 19:28:26 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_egd 3" -.TH RAND_egd 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH RAND_egd 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_egd \- query entropy gathering daemon @@ -151,6 +151,9 @@ RAND_egd \- query entropy gathering daemon \& int RAND_egd(const char *path); \& int RAND_egd_bytes(const char *path, int bytes); .Ve +.Vb 1 +\& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIRAND_egd()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR. @@ -166,6 +169,11 @@ When only one secret key must be generated, it is not necessary to request the full amount 255 bytes from the \s-1EGD\s0 socket. This can be advantageous, since the amount of entropy that can be retrieved from \s-1EGD\s0 over time is limited. +.PP +\&\fIRAND_query_egd_bytes()\fR performs the actual query of the \s-1EGD\s0 daemon on socket +\&\fBpath\fR. If \fBbuf\fR is given, \fBbytes\fR bytes are queried and written into +\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL\s0, \fBbytes\fR bytes are queried and used to seed the +OpenSSL built-in \s-1PRNG\s0 using RAND_add(3). .SH "NOTES" .IX Header "NOTES" On systems without /dev/*random devices providing entropy from the kernel, @@ -185,11 +193,18 @@ available from http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html . \&\s-1PRNGD\s0 does employ an internal \s-1PRNG\s0 itself and can therefore never run out of entropy. +.PP +OpenSSL automatically queries \s-1EGD\s0 when entropy is requested via \fIRAND_bytes()\fR +or the status is checked via \fIRAND_status()\fR for the first time, if the socket +is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool. .SH "RETURN VALUE" .IX Header "RETURN VALUE" \&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the daemon on success, and \-1 if the connection failed or the daemon did not return enough data to fully seed the \s-1PRNG\s0. +.PP +\&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on +success, and \-1 if the connection failed. The \s-1PRNG\s0 state is not considered. .SH "SEE ALSO" .IX Header "SEE ALSO" rand(3), RAND_add(3), @@ -199,3 +214,7 @@ RAND_cleanup(3) \&\fIRAND_egd()\fR is available since OpenSSL 0.9.5. .PP \&\fIRAND_egd_bytes()\fR is available since OpenSSL 0.9.6. +.PP +\&\fIRAND_query_egd_bytes()\fR is available since OpenSSL 0.9.7. +.PP +The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 index c61c512..6ae20f1 100644 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/RAND_load_file.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:47 2002 +.\" Mon Jan 13 19:28:28 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_load_file 3" -.TH RAND_load_file 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH RAND_load_file 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_load_file, RAND_write_file, RAND_file_name \- \s-1PRNG\s0 seed file diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 index 3c28fed..d38d589 100644 --- a/secure/lib/libcrypto/man/RAND_set_rand_method.3 +++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:48 2002 +.\" Mon Jan 13 19:28:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_set_rand_method 3" -.TH RAND_set_rand_method 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RAND_set_rand_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 method @@ -148,24 +148,32 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 me \& #include <openssl/rand.h> .Ve .Vb 1 -\& void RAND_set_rand_method(RAND_METHOD *meth); +\& void RAND_set_rand_method(const RAND_METHOD *meth); .Ve .Vb 1 -\& RAND_METHOD *RAND_get_rand_method(void); +\& const RAND_METHOD *RAND_get_rand_method(void); .Ve .Vb 1 \& RAND_METHOD *RAND_SSLeay(void); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random -number generation. By modifying the method, alternative -implementations such as hardware RNGs may be used. Initially, the -default is to use the OpenSSL internal implementation. \fIRAND_SSLeay()\fR -returns a pointer to that method. +A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number +generation. By modifying the method, alternative implementations such as +hardware RNGs may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for important +information about how these \s-1RAND\s0 \s-1API\s0 functions are affected by the use of +\&\fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP -\&\fIRAND_set_rand_method()\fR sets the \s-1RAND\s0 method to \fBmeth\fR. -\&\fIRAND_get_rand_method()\fR returns a pointer to the current method. +Initially, the default \s-1RAND_METHOD\s0 is the OpenSSL internal implementation, as +returned by \fIRAND_SSLeay()\fR. +.PP +\&\fIRAND_set_default_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. \fB\s-1NB\s0\fR: This is +true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND\s0, so this function +is no longer recommended. +.PP +\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD\s0. +However, the meaningfulness of this result is dependant on whether the \s-1ENGINE\s0 +\&\s-1API\s0 is being used, so this function is no longer recommended. .SH "THE RAND_METHOD STRUCTURE" .IX Header "THE RAND_METHOD STRUCTURE" .Vb 9 @@ -187,10 +195,25 @@ Each component may be \s-1NULL\s0 if the function is not implemented. .IX Header "RETURN VALUES" \&\fIRAND_set_rand_method()\fR returns no value. \fIRAND_get_rand_method()\fR and \&\fIRAND_SSLeay()\fR return pointers to the respective methods. +.SH "NOTES" +.IX Header "NOTES" +As of version 0.9.7, \s-1RAND_METHOD\s0 implementations are grouped together with other +algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a +default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, +that will override any \s-1RAND\s0 defaults set using the \s-1RAND\s0 \s-1API\s0 (ie. +\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way +to control default implementations for use in \s-1RAND\s0 and other cryptographic +algorithms. .SH "SEE ALSO" .IX Header "SEE ALSO" -rand(3) +rand(3), engine(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIRAND_set_rand_method()\fR, \fIRAND_get_rand_method()\fR and \fIRAND_SSLeay()\fR are available in all versions of OpenSSL. +.PP +In the engine version of version 0.9.6, \fIRAND_set_rand_method()\fR was altered to +take an \s-1ENGINE\s0 pointer as its argument. As of version 0.9.7, that has been +reverted as the \s-1ENGINE\s0 \s-1API\s0 transparently overrides \s-1RAND\s0 defaults if used, +otherwise \s-1RAND\s0 \s-1API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also +introduced in version 0.9.7. diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 index 1ad4f8b..afe90bd 100644 --- a/secure/lib/libcrypto/man/RSA_blinding_on.3 +++ b/secure/lib/libcrypto/man/RSA_blinding_on.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:49 2002 +.\" Mon Jan 13 19:28:30 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_blinding_on 3" -.TH RSA_blinding_on 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_blinding_on 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_blinding_on, RSA_blinding_off \- protect the \s-1RSA\s0 operation from timing attacks diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 index f5a5581..9c31ac6 100644 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:49 2002 +.\" Mon Jan 13 19:28:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_check_key 3" -.TH RSA_check_key 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH RSA_check_key 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_check_key \- validate private \s-1RSA\s0 keys @@ -174,9 +174,27 @@ This function does not work on \s-1RSA\s0 public keys that have only the modulus and public exponent elements populated. It performs integrity checks on all the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private key data too. +.PP +Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work +transparently with any underlying \s-1ENGINE\s0 implementation because it uses the +key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can +override the way key data is stored and handled, and can even provide +support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR +key data at all! If the \s-1ENGINE\s0 in question is only being used for +acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data +is complete and untouched, but this can't be assumed in the general case. +.SH "BUGS" +.IX Header "BUGS" +A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need +to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure +elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and +completely violating encapsulation and object-orientation in the process). +The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the +\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also +provide their own verifiers. .SH "SEE ALSO" .IX Header "SEE ALSO" -rsa(3), err(3) +rsa(3), ERR_get_error(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_check()\fR appeared in OpenSSL 0.9.4. +\&\fIRSA_check_key()\fR appeared in OpenSSL 0.9.4. diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 index 50e23bc..9253cab 100644 --- a/secure/lib/libcrypto/man/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/RSA_generate_key.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:50 2002 +.\" Mon Jan 13 19:28:32 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_generate_key 3" -.TH RSA_generate_key 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH RSA_generate_key 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_generate_key \- generate \s-1RSA\s0 key pair @@ -186,7 +186,8 @@ error codes can be obtained by ERR_get_error(3). \&\fIRSA_generate_key()\fR goes into an infinite loop for illegal input values. .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), rand(3), rsa(3), RSA_free(3) +ERR_get_error(3), rand(3), rsa(3), +RSA_free(3) .SH "HISTORY" .IX Header "HISTORY" The \fBcb_arg\fR argument was added in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 index f8fccb7..ce2be62 100644 --- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:50 2002 +.\" Mon Jan 13 19:28:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_get_ex_new_index 3" -.TH RSA_get_ex_new_index 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH RSA_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to \s-1RSA\s0 structures diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 index 7869f1a..e1e32dc 100644 --- a/secure/lib/libcrypto/man/RSA_new.3 +++ b/secure/lib/libcrypto/man/RSA_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:51 2002 +.\" Mon Jan 13 19:28:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_new 3" -.TH RSA_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects @@ -155,7 +155,8 @@ RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. +\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to +calling RSA_new_method(\s-1NULL\s0). .PP \&\fIRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is erased before the memory is returned to the system. @@ -168,7 +169,9 @@ a pointer to the newly allocated structure. \&\fIRSA_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), rsa(3), RSA_generate_key(3) +ERR_get_error(3), rsa(3), +RSA_generate_key(3), +RSA_new_method(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIRSA_new()\fR and \fIRSA_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 index fb2dba4..e17331e 100644 --- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 +++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:52 2002 +.\" Mon Jan 13 19:28:35 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_padding_add_PKCS1_type_1 3" -.TH RSA_padding_add_PKCS1_type_1 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_padding_add_PKCS1_type_1 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 index 9a0494c..da3787a 100644 --- a/secure/lib/libcrypto/man/RSA_print.3 +++ b/secure/lib/libcrypto/man/RSA_print.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:52 2002 +.\" Mon Jan 13 19:28:37 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,12 +138,12 @@ .\" ====================================================================== .\" .IX Title "RSA_print 3" -.TH RSA_print 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH RSA_print 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print, -DSA_print_fp, DHparams_print, DHparams_print_fp \- print cryptographic -parameters +RSA_print, RSA_print_fp, +DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, +DHparams_print, DHparams_print_fp \- print cryptographic parameters .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 index e7e63f6..ba0fd87 100644 --- a/secure/lib/libcrypto/man/RSA_private_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:53 2002 +.\" Mon Jan 13 19:28:38 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_private_encrypt 3" -.TH RSA_private_encrypt 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_private_encrypt 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_private_encrypt, RSA_public_decrypt \- low level signature operations @@ -192,7 +192,8 @@ On error, \-1 is returned; the error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), rsa(3), RSA_sign(3), RSA_verify(3) +ERR_get_error(3), rsa(3), +RSA_sign(3), RSA_verify(3) .SH "HISTORY" .IX Header "HISTORY" The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 index 407b578..a516181 100644 --- a/secure/lib/libcrypto/man/RSA_public_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:54 2002 +.\" Mon Jan 13 19:28:39 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_public_encrypt 3" -.TH RSA_public_encrypt 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH RSA_public_encrypt 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_public_encrypt, RSA_private_decrypt \- \s-1RSA\s0 public key cryptography @@ -202,10 +202,8 @@ obtained by ERR_get_error(3). \&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), rand(3), rsa(3), RSA_size(3) -.SH "NOTES" -.IX Header "NOTES" -The RSA_PKCS1_RSAref(3) method supports only the \s-1RSA_PKCS1_PADDING\s0 mode. +ERR_get_error(3), rand(3), rsa(3), +RSA_size(3) .SH "HISTORY" .IX Header "HISTORY" The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 index df55757..ee2ada5 100644 --- a/secure/lib/libcrypto/man/RSA_set_method.3 +++ b/secure/lib/libcrypto/man/RSA_set_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:54 2002 +.\" Mon Jan 13 19:28:40 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,40 +138,37 @@ .\" ====================================================================== .\" .IX Title "RSA_set_method 3" -.TH RSA_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH RSA_set_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_set_default_method, RSA_get_default_method, RSA_set_method, -RSA_get_method, RSA_PKCS1_SSLeay, RSA_PKCS1_RSAref, -RSA_null_method, RSA_flags, RSA_new_method \- select \s-1RSA\s0 method +RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags, +RSA_new_method \- select \s-1RSA\s0 method .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/rsa.h> .Ve .Vb 1 -\& void RSA_set_default_method(RSA_METHOD *meth); +\& void RSA_set_default_method(const RSA_METHOD *meth); .Ve .Vb 1 \& RSA_METHOD *RSA_get_default_method(void); .Ve .Vb 1 -\& RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); +\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); .Ve .Vb 1 -\& RSA_METHOD *RSA_get_method(RSA *rsa); +\& RSA_METHOD *RSA_get_method(const RSA *rsa); .Ve .Vb 1 \& RSA_METHOD *RSA_PKCS1_SSLeay(void); .Ve .Vb 1 -\& RSA_METHOD *RSA_PKCS1_RSAref(void); -.Ve -.Vb 1 \& RSA_METHOD *RSA_null_method(void); .Ve .Vb 1 -\& int RSA_flags(RSA *rsa); +\& int RSA_flags(const RSA *rsa); .Ve .Vb 1 \& RSA *RSA_new_method(RSA_METHOD *method); @@ -179,32 +176,45 @@ RSA_null_method, RSA_flags, RSA_new_method \- select \s-1RSA\s0 method .SH "DESCRIPTION" .IX Header "DESCRIPTION" An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 -operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. -.PP -Initially, the default is to use the OpenSSL internal implementation, -unless OpenSSL was configured with the \f(CW\*(C`rsaref\*(C'\fR or \f(CW\*(C`\-DRSA_NULL\*(C'\fR -options. \fIRSA_PKCS1_SSLeay()\fR returns a pointer to that method. +operations. By modifying the method, alternative implementations such as +hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1RSA\s0 \s-1API\s0 functions are affected by the +use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP -\&\fIRSA_PKCS1_RSAref()\fR returns a pointer to a method that uses the RSAref -library. This is the default method in the \f(CW\*(C`rsaref\*(C'\fR configuration; -the function is not available in other configurations. -\&\fIRSA_null_method()\fR returns a pointer to a method that does not support -the \s-1RSA\s0 transformation. It is the default if OpenSSL is compiled with -\&\f(CW\*(C`\-DRSA_NULL\*(C'\fR. These methods may be useful in the \s-1USA\s0 because of a -patent on the \s-1RSA\s0 cryptosystem. +Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fIRSA_PKCS1_SSLeay()\fR. .PP -\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1RSA\s0\fR -structures created later. +\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 +structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1RSA\s0, so this function is no longer recommended. .PP \&\fIRSA_get_default_method()\fR returns a pointer to the current default -method. +\&\s-1RSA_METHOD\s0. However, the meaningfulness of this result is dependant on +whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer +recommended. .PP -\&\fIRSA_set_method()\fR selects \fBmeth\fR for all operations using the key -\&\fBrsa\fR. +\&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the +previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1RSA\s0 keys that only +work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected +results. .PP -\&\fIRSA_get_method()\fR returns a pointer to the method currently selected -for \fBrsa\fR. +\&\fIRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. +This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if +it is, the return value can only be guaranteed to be valid as long as the +\&\s-1RSA\s0 key itself is valid and does not have its implementation changed by +\&\fIRSA_set_method()\fR. +.PP +\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current +\&\s-1RSA_METHOD\s0. See the \s-1BUGS\s0 section. +.PP +\&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that +\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the +default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, +the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used. .PP \&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. .PP @@ -288,18 +298,42 @@ the default method is used. .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_PKCS1_SSLeay()\fR, \fIRSA_PKCS1_RSAref()\fR, \fIRSA_PKCS1_null_method()\fR, -\&\fIRSA_get_default_method()\fR and \fIRSA_get_method()\fR return pointers to the -respective \fB\s-1RSA_METHOD\s0\fRs. +\&\fIRSA_PKCS1_SSLeay()\fR, \fIRSA_PKCS1_null_method()\fR, \fIRSA_get_default_method()\fR +and \fIRSA_get_method()\fR return pointers to the respective RSA_METHODs. .PP \&\fIRSA_set_default_method()\fR returns no value. .PP -\&\fIRSA_set_method()\fR returns a pointer to the \fB\s-1RSA_METHOD\s0\fR previously -associated with \fBrsa\fR. +\&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation +that was replaced. However, this return value should probably be ignored +because if it was supplied by an \s-1ENGINE\s0, the pointer could be invalidated +at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a +result of the \fIRSA_set_method()\fR function releasing its handle to the +\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR +declaration in a future release. .PP -\&\fIRSA_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be -obtained by ERR_get_error(3) if the allocation fails. Otherwise it -returns a pointer to the newly allocated structure. +\&\fIRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained +by ERR_get_error(3) if the allocation fails. Otherwise +it returns a pointer to the newly allocated structure. +.SH "NOTES" +.IX Header "NOTES" +As of version 0.9.7, \s-1RSA_METHOD\s0 implementations are grouped together with +other algorithmic APIs (eg. \s-1DSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) into \fB\s-1ENGINE\s0\fR +modules. If a default \s-1ENGINE\s0 is specified for \s-1RSA\s0 functionality using an +\&\s-1ENGINE\s0 \s-1API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA\s0 +\&\s-1API\s0 (ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the +recommended way to control default implementations for use in \s-1RSA\s0 and other +cryptographic algorithms. +.SH "BUGS" +.IX Header "BUGS" +The behaviour of \fIRSA_flags()\fR is a mis-feature that is left as-is for now +to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the +encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key +itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key +(which is what this function returns). If the flags element of an \s-1RSA\s0 key +is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not +be reflected in the return value of the \fIRSA_flags()\fR function \- in effect +\&\fIRSA_flags()\fR behaves more like an \fIRSA_default_flags()\fR function (which does +not currently exist). .SH "SEE ALSO" .IX Header "SEE ALSO" rsa(3), RSA_new(3) @@ -309,3 +343,14 @@ rsa(3), RSA_new(3) \&\fIRSA_get_default_method()\fR, \fIRSA_set_method()\fR and \fIRSA_get_method()\fR as well as the rsa_sign and rsa_verify components of \s-1RSA_METHOD\s0 were added in OpenSSL 0.9.4. +.PP +\&\fIRSA_set_default_openssl_method()\fR and \fIRSA_get_default_openssl_method()\fR +replaced \fIRSA_set_default_method()\fR and \fIRSA_get_default_method()\fR +respectively, and \fIRSA_set_method()\fR and \fIRSA_new_method()\fR were altered to use +\&\fB\s-1ENGINE\s0\fRs rather than \fB\s-1RSA_METHOD\s0\fRs during development of the engine +version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE\s0 +\&\s-1API\s0 was restructured so that this change was reversed, and behaviour of the +other functions resembled more closely the previous behaviour. The +behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now transparently overrides the +behaviour of defaults in the \s-1RSA\s0 \s-1API\s0 without requiring changing these +function prototypes. diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 index 7698a4a..b4251d7 100644 --- a/secure/lib/libcrypto/man/RSA_sign.3 +++ b/secure/lib/libcrypto/man/RSA_sign.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:55 2002 +.\" Mon Jan 13 19:28:41 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_sign 3" -.TH RSA_sign 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_sign 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_sign, RSA_verify \- \s-1RSA\s0 signatures @@ -187,8 +187,8 @@ for compatibility with SSLeay 0.4.5 :\-) \&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), objects(3), rsa(3), -RSA_private_encrypt(3), +ERR_get_error(3), objects(3), +rsa(3), RSA_private_encrypt(3), RSA_public_decrypt(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 index 978dfa9..326b0a9 100644 --- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 +++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:55 2002 +.\" Mon Jan 13 19:28:43 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_sign_ASN1_OCTET_STRING 3" -.TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- \s-1RSA\s0 signatures @@ -185,8 +185,8 @@ The error codes can be obtained by ERR_get_error(3). These functions serve no recognizable purpose. .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), objects(3), rand(3), -rsa(3), RSA_sign(3), +ERR_get_error(3), objects(3), +rand(3), rsa(3), RSA_sign(3), RSA_verify(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 index 4c195b8..4c7dbee 100644 --- a/secure/lib/libcrypto/man/RSA_size.3 +++ b/secure/lib/libcrypto/man/RSA_size.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:56 2002 +.\" Mon Jan 13 19:28:44 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_size 3" -.TH RSA_size 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_size 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_size \- get \s-1RSA\s0 modulus size @@ -148,7 +148,7 @@ RSA_size \- get \s-1RSA\s0 modulus size \& #include <openssl/rsa.h> .Ve .Vb 1 -\& int RSA_size(RSA *rsa); +\& int RSA_size(const RSA *rsa); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 new file mode 100644 index 0000000..e482725 --- /dev/null +++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:45 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SMIME_read_PKCS7 3" +.TH SMIME_read_PKCS7 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SMIME_read_PKCS7 \- parse S/MIME message. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\s-1PKCS7\s0 *SMIME_read_PKCS7(\s-1BIO\s0 *in, \s-1BIO\s0 **bcont); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISMIME_read_PKCS7()\fR parses a message in S/MIME format. +.PP +\&\fBin\fR is a \s-1BIO\s0 to read the message from. +.PP +If cleartext signing is used then the content is saved in +a memory bio which is written to \fB*bcont\fR, otherwise +\&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR. +.PP +The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an +error occurred. +.SH "NOTES" +.IX Header "NOTES" +If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text +signed. \fB*bcont\fR can then be passed to \fIPKCS7_verify()\fR with +the \fB\s-1PKCS7_DETACHED\s0\fR flag set. +.PP +Otherwise the type of the returned structure can be determined +using \fIPKCS7_type()\fR. +.PP +To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR +\&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: +.PP +.Vb 2 +\& BIO *cont = NULL; +\& PKCS7 *p7; +.Ve +.Vb 1 +\& p7 = SMIME_read_PKCS7(in, &cont); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser used by \fISMIME_read_PKCS7()\fR is somewhat primitive. +While it will handle most S/MIME messages more complex compound +formats may not work. +.PP +The parser assumes that the \s-1PKCS7\s0 structure is always base64 +encoded and will not handle the case where it is in binary format +or uses quoted printable format. +.PP +The use of a memory \s-1BIO\s0 to hold the signed content limits the size +of message which can be processed due to memory restraints: a +streaming single pass option should be available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR +is an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), PKCS7_type(3) +SMIME_read_PKCS7(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISMIME_read_PKCS7()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 new file mode 100644 index 0000000..99eafe7 --- /dev/null +++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:46 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SMIME_write_PKCS7 3" +.TH SMIME_write_PKCS7 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +int SMIME_write_PKCS7(\s-1BIO\s0 *out, \s-1PKCS7\s0 *p7, \s-1BIO\s0 *data, int flags); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 +structure to produce an S/MIME message. +.PP +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate +\&\fB\s-1PKCS7\s0\fR structure. If cleartext signing (\fBmultipart/signed\fR) is +being used then the signed data must be supplied in the \fBdata\fR +argument. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The following flags can be passed in the \fBflags\fR parameter. +.PP +If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, +this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR +is also set when \fIPKCS7_sign()\fR is also called. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR +are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR +is also set. +.PP +If cleartext signing is being used then the data must be read twice: +once to compute the signature in \fIPKCS7_sign()\fR and once to output the +S/MIME message. +.SH "BUGS" +.IX Header "BUGS" +\&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there +should be an option to disable this. +.PP +There should really be a way to produce cleartext signing using only +a single pass of the data. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISMIME_write_PKCS7()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 new file mode 100644 index 0000000..11907bd --- /dev/null +++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:47 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "X509_NAME_ENTRY_get_object 3" +.TH X509_NAME_ENTRY_get_object 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, +X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, +X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, +X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\s-1ASN1_OBJECT\s0 * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); +\&\s-1ASN1_STRING\s0 * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); +.PP +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, \s-1ASN1_OBJECT\s0 *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, unsigned char *bytes, int len); +.PP +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, char *field, int type, unsigned char *bytes, int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, \s-1ASN1_OBJECT\s0 *obj, int type,unsigned char *bytes, int len); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in +and \fB\s-1ASN1_OBJECT\s0\fR structure. +.PP +\&\fIX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in +and \fB\s-1ASN1_STRING\s0\fR structure. +.PP +\&\fIX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. +.PP +\&\fIX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type +\&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR. +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR +and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an +\&\fBX509_NAME_ENTRY\fR structure. +.SH "NOTES" +.IX Header "NOTES" +\&\fIX509_NAME_ENTRY_get_object()\fR and \fIX509_NAME_ENTRY_get_data()\fR can be +used to examine an \fBX509_NAME_ENTRY\fR function as returned by +\&\fIX509_NAME_get_entry()\fR for example. +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR, +and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_OBJ()\fR, +\&\fIX509_NAME_ENTRY_create_by_NID()\fR and \fIX509_NAME_ENTRY_set_data()\fR +are seldom used in practice because \fBX509_NAME_ENTRY\fR structures +are almost always part of \fBX509_NAME\fR structures and the +corresponding \fBX509_NAME\fR functions are typically used to +create and add new entries in a single operation. +.PP +The arguments of these functions support similar options to the similarly +named ones of the corresponding \fBX509_NAME\fR functions such as +\&\fIX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to +\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fIX509_set_data()\fR the field name must be +set first so the relevant field information can be looked up internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), d2i_X509_NAME(3), +\&\fIOBJ_nid2obj\fR\|(3),OBJ_nid2obj(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 new file mode 100644 index 0000000..754b9e3 --- /dev/null +++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:48 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "X509_NAME_add_entry_by_txt 3" +.TH X509_NAME_add_entry_by_txt 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, +X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, \s-1ASN1_OBJECT\s0 *obj, int type, unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and +\&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined +by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. +The field value to be added is in \fBbytes\fR of length \fBlen\fR. If +\&\fBlen\fR is \-1 then the field length is calculated internally using +strlen(bytes). +.PP +The type of field is determined by \fBtype\fR which can either be a +definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a +standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is +added to a position determined by \fBloc\fR and \fBset\fR. +.PP +\&\fIX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR +to \fBname\fR. The new entry is added to a position determined by \fBloc\fR +and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after +the call. +.PP +\&\fIX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position +\&\fBloc\fR. The deleted entry is returned and must be freed up. +.SH "NOTES" +.IX Header "NOTES" +The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF8\s0\fR +is strongly recommened for the \fBtype\fR parameter. This allows the +internal code to correctly determine the type of the field and to +apply length checks according to the relevant standards. This is +done using \fIASN1_STRING_set_by_NID()\fR. +.PP +If instead an \s-1ASN1\s0 type is used no checks are performed and the +supplied data in \fBbytes\fR is used directly. +.PP +In \fIX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents +the field name using OBJ_txt2obj(field, 0). +.PP +The \fBloc\fR and \fBset\fR parameters determine where a new entry should +be added. For almost all applications \fBloc\fR can be set to \-1 and \fBset\fR +to 0. This adds a new entry to the end of \fBname\fR as a single valued +RelativeDistinguishedName (\s-1RDN\s0). +.PP +\&\fBloc\fR actually determines the index where the new entry is inserted: +if it is \-1 it is appended. +.PP +\&\fBset\fR determines how the new type is added. If it is zero a +new \s-1RDN\s0 is created. +.PP +If \fBset\fR is \-1 or 1 it is added to the previous or next \s-1RDN\s0 +structure respectively. This will then be a multivalued \s-1RDN:\s0 +since multivalues RDNs are very seldom used \fBset\fR is almost +always set to zero. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \fBX509_NAME\fR structure: +.PP +\&\*(L"C=UK, O=Disorganized Organization, CN=Joe Bloggs\*(R" +.PP +.Vb 13 +\& X509_NAME *nm; +\& nm = X509_NAME_new(); +\& if (nm == NULL) +\& /* Some error */ +\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC, +\& "C", "UK", -1, -1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC, +\& "O", "Disorganized Organization", -1, -1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC, +\& "CN", "Joe Bloggs", -1, -1, 0)) +\& /* Error */ +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR, +\&\fIX509_NAME_add_entry_by_NID()\fR and \fIX509_NAME_add_entry()\fR return 1 for +success of 0 if an error occurred. +.PP +\&\fIX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR +structure of \fB\s-1NULL\s0\fR if an error occurred. +.SH "BUGS" +.IX Header "BUGS" +\&\fBtype\fR can still be set to \fBV_ASN1_APP_CHOOSE\fR to use a +different algorithm to determine field types. Since this form does +not understand multicharacter types, performs no length checks and +can result in invalid field types its use is strongly discouraged. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), d2i_X509_NAME(3) +.SH "HISTORY" +.IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 new file mode 100644 index 0000000..0b8081e --- /dev/null +++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:49 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "X509_NAME_get_index_by_NID 3" +.TH X509_NAME_get_index_by_NID 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, +X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \- +X509_NAME lookup and enumeration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); +int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos); +.PP +int X509_NAME_entry_count(X509_NAME *name); +X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); +.PP +int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, \s-1ASN1_OBJECT\s0 *obj, char *buf,int len); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fBX509_NAME\fR structure to be examined. The +\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in +\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject +and issuer names. +.PP +\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve +the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR +should initially be set to \-1. If there are no more entries \-1 is returned. +.PP +\&\fIX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. +.PP +\&\fIX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR +corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from +0 to (X509_NAME_entry_count(name) \- 1). The value returned is an +internal pointer which must not be freed. +.PP +\&\fIX509_NAME_get_text_by_NID()\fR, \fIX509_NAME_get_text_by_OBJ()\fR retrieve +the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or +\&\fBobj\fR, if no such entry exists \-1 is returned. At most \fBlen\fR bytes +will be written and the text written to \fBbuf\fR will be null +terminated. The length of the output string written is returned +excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount +of space needed in \fBbuf\fR (excluding the final null) is returned. +.SH "NOTES" +.IX Header "NOTES" +\&\fIX509_NAME_get_text_by_NID()\fR and \fIX509_NAME_get_text_by_OBJ()\fR are +legacy functions which have various limitations which make them +of minimal use in practice. They can only find the first matching +entry and will copy the contents of the field verbatim: this can +be highly confusing if the target is a muticharacter string type +like a BMPString or a UTF8String. +.PP +For a more general solution \fIX509_NAME_get_index_by_NID()\fR or +\&\fIX509_NAME_get_index_by_OBJ()\fR should be used followed by +\&\fIX509_NAME_get_entry()\fR on any matching indices and then the +various \fBX509_NAME_ENTRY\fR utility functions on the result. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Process all entries: +.PP +.Vb 2 +\& int i; +\& X509_NAME_ENTRY *e; +.Ve +.Vb 5 +\& for (i = 0; i < X509_NAME_entry_count(nm); i++) +\& { +\& e = X509_NAME_get_entry(nm, i); +\& /* Do something with e */ +\& } +.Ve +Process all commonName entries: +.PP +.Vb 2 +\& int loc; +\& X509_NAME_ENTRY *e; +.Ve +.Vb 9 +\& loc = -1; +\& for (;;) +\& { +\& lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); +\& if (lastpos == -1) +\& break; +\& e = X509_NAME_get_entry(nm, lastpos); +\& /* Do something with e */ +\& } +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR +return the index of the next matching entry or \-1 if not found. +.PP +\&\fIX509_NAME_entry_count()\fR returns the total number of entries. +.PP +\&\fIX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the +requested entry or \fB\s-1NULL\s0\fR if the index is invalid. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), d2i_X509_NAME(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 new file mode 100644 index 0000000..bb2e9ac --- /dev/null +++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 @@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:50 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "X509_NAME_print_ex 3" +.TH X509_NAME_print_ex 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, +X509_NAME_oneline \- X509_NAME printing routines. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 4 +\& int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); +\& int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); +\& char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); +\& int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each +line (for multiline formats) is indented by \fBindent\fR spaces. The output format +can be extensively customised by use of the \fBflags\fR parameter. +.PP +\&\fIX509_NAME_print_ex_fp()\fR is identical to \fIX509_NAME_print_ex()\fR except the output is +written to \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fIX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. At most \fBsize\fR +bytes will be written. If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated +and returned, otherwise \fBbuf\fR is returned. +.PP +\&\fIX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR +characters. Multiple lines are used if the output (including indent) exceeds +80 characters. +.SH "NOTES" +.IX Header "NOTES" +The functions \fIX509_NAME_oneline()\fR and \fIX509_NAME_print()\fR are legacy functions which +produce a non standard output form, they don't handle multi character fields and +have various quirks and inconsistencies. Their use is strongly discouraged in new +applications. +.PP +Although there are a large number of possible flags for most purposes +\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. +As noted on the ASN1_STRING_print_ex(3) manual page +for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLAGS_ESC_MSB\s0\fR should be unset: so for example +\&\fB\s-1XN_FLAG_ONELINE\s0 & ~ASN1_STRFLAGS_ESC_MSB\fR would be used. +.PP +The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below. +.PP +Several options can be ored together. +.PP +The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR, +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators +to use. Two distinct separators are used between distinct RelativeDistinguishedName +components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN\s0. Multi-valued +RDNs are currently very rare so the second separator will hardly ever be used. +.PP +\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR +uses comma and plus with spaces: this is more readable that plain comma and plus. +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus. \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses +spaced newline and plus respectively. +.PP +If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order. +.PP +The fields \fB\s-1XN_FLAG_FN_SN\s0\fR, \fB\s-1XN_FLAG_FN_LN\s0\fR, \fB\s-1XN_FLAG_FN_OID\s0\fR, +\&\fB\s-1XN_FLAG_FN_NONE\s0\fR determine how a field name is displayed. It will +use the short name (e.g. \s-1CN\s0) the long name (e.g. commonName) always +use \s-1OID\s0 numerical form (normally OIDs are only used if the field name is not +recognised) and no field name respectively. +.PP +If \fB\s-1XN_FLAG_SPC_EQ\s0\fR is set then spaces will be placed around the '=' character +separating field names and values. +.PP +If \fB\s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR is set then the encoding of unknown fields is +printed instead of the values. +.PP +If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this +is only of use for multiline format. +.PP +Additionally all the options supported by \fIASN1_STRING_print_ex()\fR can be used to +control how each field value is displayed. +.PP +In addition a number options can be set for commonly used formats. +.PP +\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253\s0 it +is equivalent to: + \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1XN_FLAG_SEP_COMMA_PLUS\s0 | \s-1XN_FLAG_DN_REV\s0 | \s-1XN_FLAG_FN_SN\s0 | \s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR +.PP +\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format it is the same as: + \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1ASN1_STRFLGS_ESC_QUOTE\s0 | \s-1XN_FLAG_SEP_CPLUS_SPC\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_SN\s0\fR +.PP +\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format is is the same as: + \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR +.PP +\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fIX509_NAME_print()\fR: in fact it calls \fIX509_NAME_print()\fR internally. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ASN1_STRING_print_ex(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3 new file mode 100644 index 0000000..44d0c72 --- /dev/null +++ b/secure/lib/libcrypto/man/X509_new.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:52 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "X509_new 3" +.TH X509_new 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +X509_new, X509_free \- X509 certificate \s-1ASN1\s0 allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& X509 *X509_new(void); +\& void X509_free(X509 *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 \s-1ASN1\s0 allocation routines, allocate and free an +X509 structure, which represents an X509 certificate. +.PP +\&\fIX509_new()\fR allocates and initializes a X509 structure. +.PP +\&\fIX509_free()\fR frees up the \fBX509\fR structure \fBa\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by ERR_get_error(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fIX509_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_new()\fR and \fIX509_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/asn1parse.1 b/secure/lib/libcrypto/man/asn1parse.1 deleted file mode 100644 index 6401c61..0000000 --- a/secure/lib/libcrypto/man/asn1parse.1 +++ /dev/null @@ -1,251 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:39 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -asn1parse \- \s-1ASN\s0.1 parsing tool -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBasn1parse\fR -[\fB\-inform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-noout\fR] -[\fB\-offset number\fR] -[\fB\-length number\fR] -[\fB\-i\fR] -[\fB\-oid filename\fR] -[\fB\-strparse offset\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN\s0.1 -structures. It can also be used to extract data from \s-1ASN\s0.1 formatted data. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-inform\fR \fBDER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -the input format. \fB\s-1DER\s0\fR is binary format and \fB\s-1PEM\s0\fR (the default) is base64 -encoded. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -the input file, default is standard input -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -output file to place the \s-1DER\s0 encoded data into. If this -option is not present then no data will be output. This is most useful when -combined with the \fB\-strparse\fR option. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -don't output the parsed version of the input file. -.Ip "\fB\-offset number\fR" 4 -.IX Item "-offset number" -starting offset to begin parsing, default is start of file. -.Ip "\fB\-length number\fR" 4 -.IX Item "-length number" -number of bytes to parse, default is until end of file. -.Ip "\fB\-i\fR" 4 -.IX Item "-i" -indents the output according to the \*(L"depth\*(R" of the structures. -.Ip "\fB\-oid filename\fR" 4 -.IX Item "-oid filename" -a file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). The format of this -file is described in the \s-1NOTES\s0 section below. -.Ip "\fB\-strparse offset\fR" 4 -.IX Item "-strparse offset" -parse the contents octets of the \s-1ASN\s0.1 object starting at \fBoffset\fR. This -option can be used multiple times to \*(L"drill down\*(R" into a nested structure. -.Sh "\s-1OUTPUT\s0" -.IX Subsection "OUTPUT" -The output will typically contain lines like this: -.PP -.Vb 1 -\& 0:d=0 hl=4 l= 681 cons: SEQUENCE -.Ve -\&..... -.PP -.Vb 10 -\& 229:d=3 hl=3 l= 141 prim: BIT STRING -\& 373:d=2 hl=3 l= 162 cons: cont [ 3 ] -\& 376:d=3 hl=3 l= 159 cons: SEQUENCE -\& 379:d=4 hl=2 l= 29 cons: SEQUENCE -\& 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier -\& 386:d=5 hl=2 l= 22 prim: OCTET STRING -\& 410:d=4 hl=2 l= 112 cons: SEQUENCE -\& 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier -\& 417:d=5 hl=2 l= 105 prim: OCTET STRING -\& 524:d=4 hl=2 l= 12 cons: SEQUENCE -.Ve -\&..... -.PP -This example is part of a self signed certificate. Each line starts with the -offset in decimal. \fBd=XX\fR specifies the current depth. The depth is increased -within the scope of any \s-1SET\s0 or \s-1SEQUENCE\s0. \fBhl=XX\fR gives the header length -(tag and length octets) of the current type. \fBl=XX\fR gives the length of -the contents octets. -.PP -The \fB\-i\fR option can be used to make the output more readable. -.PP -Some knowledge of the \s-1ASN\s0.1 structure is needed to interpret the output. -.PP -In this example the \s-1BIT\s0 \s-1STRING\s0 at offset 229 is the certificate public key. -The contents octets of this will contain the public key information. This can -be examined using the option \fB\-strparse 229\fR to yield: -.PP -.Vb 3 -\& 0:d=0 hl=3 l= 137 cons: SEQUENCE -\& 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 -\& 135:d=1 hl=2 l= 3 prim: INTEGER :010001 -.Ve -.SH "NOTES" -.IX Header "NOTES" -If an \s-1OID\s0 is not part of OpenSSL's internal table it will be represented in -numerical form (for example 1.2.3.4). The file passed to the \fB\-oid\fR option -allows additional OIDs to be included. Each line consists of three columns, -the first column is the \s-1OID\s0 in numerical format and should be followed by white -space. The second column is the \*(L"short name\*(R" which is a single word followed -by white space. The final column is the rest of the line and is the -\&\*(L"long name\*(R". \fBasn1parse\fR displays the long name. Example: -.PP -\&\f(CW\*(C`1.2.3.4 shortName A long name\*(C'\fR -.SH "BUGS" -.IX Header "BUGS" -There should be options to change the format of input lines. The output of some -\&\s-1ASN\s0.1 types is not well handled (if at all). diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3 index 327f8b1..a2f96bc 100644 --- a/secure/lib/libcrypto/man/bio.3 +++ b/secure/lib/libcrypto/man/bio.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:57 2002 +.\" Mon Jan 13 19:28:53 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "bio 3" -.TH bio 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH bio 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" bio \- I/O abstraction diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3 index 4433e24..789c06e 100644 --- a/secure/lib/libcrypto/man/blowfish.3 +++ b/secure/lib/libcrypto/man/blowfish.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:57 2002 +.\" Mon Jan 13 19:28:54 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "blowfish 3" -.TH blowfish 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH blowfish 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3 index 0c1e345..e3ed4c7 100644 --- a/secure/lib/libcrypto/man/bn.3 +++ b/secure/lib/libcrypto/man/bn.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:58 2002 +.\" Mon Jan 13 19:28:55 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "bn 3" -.TH bn 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH bn 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" bn \- multiprecision integer arithmetics @@ -163,21 +163,30 @@ bn \- multiprecision integer arithmetics \& BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); \& BIGNUM *BN_dup(const BIGNUM *a); .Ve +.Vb 1 +\& BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b); +.Ve .Vb 3 \& int BN_num_bytes(const BIGNUM *a); \& int BN_num_bits(const BIGNUM *a); \& int BN_num_bits_word(BN_ULONG w); .Ve -.Vb 13 -\& int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b); +.Vb 19 +\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); \& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); \& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); \& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, \& BN_CTX *ctx); -\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); \& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); \& int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, \& BN_CTX *ctx); +\& int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); \& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); \& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, \& const BIGNUM *m, BN_CTX *ctx); @@ -201,7 +210,7 @@ bn \- multiprecision integer arithmetics .Vb 5 \& int BN_zero(BIGNUM *a); \& int BN_one(BIGNUM *a); -\& BIGNUM *BN_value_one(void); +\& const BIGNUM *BN_value_one(void); \& int BN_set_word(BIGNUM *a, unsigned long w); \& unsigned long BN_get_word(BIGNUM *a); .Ve @@ -291,7 +300,7 @@ of \fB\s-1BIGNUM\s0\fRs to external formats is described in BN_bn2bin(3). bn_internal(3), dh(3), err(3), rand(3), rsa(3), BN_new(3), BN_CTX_new(3), -BN_copy(3), BN_num_bytes(3), +BN_copy(3), BN_swap(3), BN_num_bytes(3), BN_add(3), BN_add_word(3), BN_cmp(3), BN_zero(3), BN_rand(3), BN_generate_prime(3), BN_set_bit(3), diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3 index a00f9dcb..8b4546b 100644 --- a/secure/lib/libcrypto/man/bn_internal.3 +++ b/secure/lib/libcrypto/man/bn_internal.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:58 2002 +.\" Mon Jan 13 19:28:56 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "bn_internal 3" -.TH bn_internal 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH bn_internal 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words, @@ -176,9 +176,9 @@ library internal functions \& int nb); \& void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); \& void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, -\& BN_ULONG *tmp); +\& int dna,int dnb,BN_ULONG *tmp); \& void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, -\& int tn, int n, BN_ULONG *tmp); +\& int n, int tna,int tnb, BN_ULONG *tmp); \& void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, \& int n2, BN_ULONG *tmp); \& void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, @@ -297,14 +297,15 @@ bn_mul_low_normal(\fBr\fR, \fBa\fR, \fBb\fR, \fBn\fR) operates on the \fBn\fR wo arrays \fBr\fR, \fBa\fR and \fBb\fR. It computes the \fBn\fR low words of \&\fBa\fR*\fBb\fR and places the result in \fBr\fR. .PP -bn_mul_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBt\fR) operates on the \fBn2\fR -word arrays \fBa\fR and \fBb\fR and the 2*\fBn2\fR word arrays \fBr\fR and \fBt\fR. -\&\fBn2\fR must be a power of 2. It computes \fBa\fR*\fBb\fR and places the -result in \fBr\fR. +bn_mul_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBdna\fR, \fBdnb\fR, \fBt\fR) operates +on the word arrays \fBa\fR and \fBb\fR of length \fBn2\fR+\fBdna\fR and \fBn2\fR+\fBdnb\fR +(\fBdna\fR and \fBdnb\fR are currently allowed to be 0 or negative) and the 2*\fBn2\fR +word arrays \fBr\fR and \fBt\fR. \fBn2\fR must be a power of 2. It computes +\&\fBa\fR*\fBb\fR and places the result in \fBr\fR. .PP -bn_mul_part_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBtn\fR, \fBn\fR, \fBtmp\fR) operates -on the \fBn\fR+\fBtn\fR word arrays \fBa\fR and \fBb\fR and the 4*\fBn\fR word arrays -\&\fBr\fR and \fBtmp\fR. +bn_mul_part_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn\fR, \fBtna\fR, \fBtnb\fR, \fBtmp\fR) +operates on the word arrays \fBa\fR and \fBb\fR of length \fBn\fR+\fBtna\fR and +\&\fBn\fR+\fBtnb\fR and the 4*\fBn\fR word arrays \fBr\fR and \fBtmp\fR. .PP bn_mul_low_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBtmp\fR) operates on the \&\fBn2\fR word arrays \fBr\fR and \fBtmp\fR and the \fBn2\fR/2 word arrays \fBa\fR diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3 index 4687d39..4920493 100644 --- a/secure/lib/libcrypto/man/buffer.3 +++ b/secure/lib/libcrypto/man/buffer.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:59 2002 +.\" Mon Jan 13 19:28:58 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "buffer 3" -.TH buffer 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH buffer 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple diff --git a/secure/lib/libcrypto/man/ca.1 b/secure/lib/libcrypto/man/ca.1 deleted file mode 100644 index 86f7b2c..0000000 --- a/secure/lib/libcrypto/man/ca.1 +++ /dev/null @@ -1,587 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:40 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "CA 1" -.TH CA 1 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -ca \- sample minimal \s-1CA\s0 application -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBca\fR -[\fB\-verbose\fR] -[\fB\-config filename\fR] -[\fB\-name section\fR] -[\fB\-gencrl\fR] -[\fB\-revoke file\fR] -[\fB\-crldays days\fR] -[\fB\-crlhours hours\fR] -[\fB\-crlexts section\fR] -[\fB\-startdate date\fR] -[\fB\-enddate date\fR] -[\fB\-days arg\fR] -[\fB\-md arg\fR] -[\fB\-policy arg\fR] -[\fB\-keyfile arg\fR] -[\fB\-key arg\fR] -[\fB\-passin arg\fR] -[\fB\-cert file\fR] -[\fB\-in file\fR] -[\fB\-out file\fR] -[\fB\-notext\fR] -[\fB\-outdir dir\fR] -[\fB\-infiles\fR] -[\fB\-spkac file\fR] -[\fB\-ss_cert file\fR] -[\fB\-preserveDN\fR] -[\fB\-batch\fR] -[\fB\-msie_hack\fR] -[\fB\-extensions section\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBca\fR command is a minimal \s-1CA\s0 application. It can be used -to sign certificate requests in a variety of forms and generate -CRLs it also maintains a text database of issued certificates -and their status. -.PP -The options descriptions will be divided into each purpose. -.SH "CA OPTIONS" -.IX Header "CA OPTIONS" -.Ip "\fB\-config filename\fR" 4 -.IX Item "-config filename" -specifies the configuration file to use. -.Ip "\fB\-name section\fR" 4 -.IX Item "-name section" -specifies the configuration file section to use (overrides -\&\fBdefault_ca\fR in the \fBca\fR section). -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -an input filename containing a single certificate request to be -signed by the \s-1CA\s0. -.Ip "\fB\-ss_cert filename\fR" 4 -.IX Item "-ss_cert filename" -a single self signed certificate to be signed by the \s-1CA\s0. -.Ip "\fB\-spkac filename\fR" 4 -.IX Item "-spkac filename" -a file containing a single Netscape signed public key and challenge -and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1NOTES\s0\fR -section for information on the required format. -.Ip "\fB\-infiles\fR" 4 -.IX Item "-infiles" -if present this should be the last option, all subsequent arguments -are assumed to the the names of files containing certificate requests. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -the output file to output certificates to. The default is standard -output. The certificate details will also be printed out to this -file. -.Ip "\fB\-outdir directory\fR" 4 -.IX Item "-outdir directory" -the directory to output certificates to. The certificate will be -written to a filename consisting of the serial number in hex with -\&\*(L".pem\*(R" appended. -.Ip "\fB\-cert\fR" 4 -.IX Item "-cert" -the \s-1CA\s0 certificate file. -.Ip "\fB\-keyfile filename\fR" 4 -.IX Item "-keyfile filename" -the private key to sign requests with. -.Ip "\fB\-key password\fR" 4 -.IX Item "-key password" -the password used to encrypt the private key. Since on some -systems the command line arguments are visible (e.g. Unix with -the 'ps' utility) this option should be used with caution. -.Ip "\fB\-passin arg\fR" 4 -.IX Item "-passin arg" -the key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -=item \fB\-verbose\fR -.Sp -this prints extra details about the operations being performed. -.Ip "\fB\-notext\fR" 4 -.IX Item "-notext" -don't output the text form of a certificate to the output file. -.Ip "\fB\-startdate date\fR" 4 -.IX Item "-startdate date" -this allows the start date to be explicitly set. The format of the -date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). -.Ip "\fB\-enddate date\fR" 4 -.IX Item "-enddate date" -this allows the expiry date to be explicitly set. The format of the -date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). -.Ip "\fB\-days arg\fR" 4 -.IX Item "-days arg" -the number of days to certify the certificate for. -.Ip "\fB\-md alg\fR" 4 -.IX Item "-md alg" -the message digest to use. Possible values include md5, sha1 and mdc2. -This option also applies to CRLs. -.Ip "\fB\-policy arg\fR" 4 -.IX Item "-policy arg" -this option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in -the configuration file which decides which fields should be mandatory -or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section -for more information. -.Ip "\fB\-msie_hack\fR" 4 -.IX Item "-msie_hack" -this is a legacy option to make \fBca\fR work with very old versions of -the \s-1IE\s0 certificate enrollment control \*(L"certenr3\*(R". It used UniversalStrings -for almost everything. Since the old control has various security bugs -its use is strongly discouraged. The newer control \*(L"Xenroll\*(R" does not -need this option. -.Ip "\fB\-preserveDN\fR" 4 -.IX Item "-preserveDN" -Normally the \s-1DN\s0 order of a certificate is the same as the order of the -fields in the relevant policy section. When this option is set the order -is the same as the request. This is largely for compatibility with the -older \s-1IE\s0 enrollment control which would only accept certificates if their -DNs match the order of the request. This is not needed for Xenroll. -.Ip "\fB\-batch\fR" 4 -.IX Item "-batch" -this sets the batch mode. In this mode no questions will be asked -and all certificates will be certified automatically. -.Ip "\fB\-extensions section\fR" 4 -.IX Item "-extensions section" -the section of the configuration file containing certificate extensions -to be added when a certificate is issued. If no extension section is -present then a V1 certificate is created. If the extension section -is present (even if it is empty) then a V3 certificate is created. -.SH "CRL OPTIONS" -.IX Header "CRL OPTIONS" -.Ip "\fB\-gencrl\fR" 4 -.IX Item "-gencrl" -this option generates a \s-1CRL\s0 based on information in the index file. -.Ip "\fB\-crldays num\fR" 4 -.IX Item "-crldays num" -the number of days before the next \s-1CRL\s0 is due. That is the days from -now to place in the \s-1CRL\s0 nextUpdate field. -.Ip "\fB\-crlhours num\fR" 4 -.IX Item "-crlhours num" -the number of hours before the next \s-1CRL\s0 is due. -.Ip "\fB\-revoke filename\fR" 4 -.IX Item "-revoke filename" -a filename containing a certificate to revoke. -.Ip "\fB\-crlexts section\fR" 4 -.IX Item "-crlexts section" -the section of the configuration file containing \s-1CRL\s0 extensions to -include. If no \s-1CRL\s0 extension section is present then a V1 \s-1CRL\s0 is -created, if the \s-1CRL\s0 extension section is present (even if it is -empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are -\&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted -that some software (for example Netscape) can't handle V2 CRLs. -.SH "CONFIGURATION FILE OPTIONS" -.IX Header "CONFIGURATION FILE OPTIONS" -The section of the configuration file containing options for \fBca\fR -is found as follows: If the \fB\-name\fR command line option is used, -then it names the section to be used. Otherwise the section to -be used must be named in the \fBdefault_ca\fR option of the \fBca\fR section -of the configuration file (or in the default section of the -configuration file). Besides \fBdefault_ca\fR, the following options are -read directly from the \fBca\fR section: - \s-1RANDFILE\s0 - preserve - msie_hack -With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may -change in future releases. -.PP -Many of the configuration file options are identical to command line -options. Where the option is present in the configuration file -and the command line the command line value is used. Where an -option is described as mandatory then it must be present in -the configuration file or the command line equivalent (if -any) used. -.Ip "\fBoid_file\fR" 4 -.IX Item "oid_file" -This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. -Each line of the file should consist of the numerical form of the -object identifier followed by white space then the short name followed -by white space and finally the long name. -.Ip "\fBoid_section\fR" 4 -.IX Item "oid_section" -This specifies a section in the configuration file containing extra -object identifiers. Each line should consist of the short name of the -object identifier followed by \fB=\fR and the numerical form. The short -and long names are the same when this option is used. -.Ip "\fBnew_certs_dir\fR" 4 -.IX Item "new_certs_dir" -the same as the \fB\-outdir\fR command line option. It specifies -the directory where new certificates will be placed. Mandatory. -.Ip "\fBcertificate\fR" 4 -.IX Item "certificate" -the same as \fB\-cert\fR. It gives the file containing the \s-1CA\s0 -certificate. Mandatory. -.Ip "\fBprivate_key\fR" 4 -.IX Item "private_key" -same as the \fB\-keyfile\fR option. The file containing the -\&\s-1CA\s0 private key. Mandatory. -.Ip "\fB\s-1RANDFILE\s0\fR" 4 -.IX Item "RANDFILE" -a file used to read and write random number seed information, or -an \s-1EGD\s0 socket (see RAND_egd(3)). -.Ip "\fBdefault_days\fR" 4 -.IX Item "default_days" -the same as the \fB\-days\fR option. The number of days to certify -a certificate for. -.Ip "\fBdefault_startdate\fR" 4 -.IX Item "default_startdate" -the same as the \fB\-startdate\fR option. The start date to certify -a certificate for. If not set the current time is used. -.Ip "\fBdefault_enddate\fR" 4 -.IX Item "default_enddate" -the same as the \fB\-enddate\fR option. Either this option or -\&\fBdefault_days\fR (or the command line equivalents) must be -present. -.Ip "\fBdefault_crl_hours default_crl_days\fR" 4 -.IX Item "default_crl_hours default_crl_days" -the same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These -will only be used if neither command line option is present. At -least one of these must be present to generate a \s-1CRL\s0. -.Ip "\fBdefault_md\fR" 4 -.IX Item "default_md" -the same as the \fB\-md\fR option. The message digest to use. Mandatory. -.Ip "\fBdatabase\fR" 4 -.IX Item "database" -the text database file to use. Mandatory. This file must be present -though initially it will be empty. -.Ip "\fBserialfile\fR" 4 -.IX Item "serialfile" -a text file containing the next serial number to use in hex. Mandatory. -This file must be present and contain a valid serial number. -.Ip "\fBx509_extensions\fR" 4 -.IX Item "x509_extensions" -the same as \fB\-extensions\fR. -.Ip "\fBcrl_extensions\fR" 4 -.IX Item "crl_extensions" -the same as \fB\-crlexts\fR. -.Ip "\fBpreserve\fR" 4 -.IX Item "preserve" -the same as \fB\-preserveDN\fR -.Ip "\fBmsie_hack\fR" 4 -.IX Item "msie_hack" -the same as \fB\-msie_hack\fR -.Ip "\fBpolicy\fR" 4 -.IX Item "policy" -the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section -for more information. -.SH "POLICY FORMAT" -.IX Header "POLICY FORMAT" -The policy section consists of a set of variables corresponding to -certificate \s-1DN\s0 fields. If the value is \*(L"match\*(R" then the field value -must match the same field in the \s-1CA\s0 certificate. If the value is -\&\*(L"supplied\*(R" then it must be present. If the value is \*(L"optional\*(R" then -it may be present. Any fields not mentioned in the policy section -are silently deleted, unless the \fB\-preserveDN\fR option is set but -this can be regarded more of a quirk than intended behaviour. -.SH "SPKAC FORMAT" -.IX Header "SPKAC FORMAT" -The input to the \fB\-spkac\fR command line option is a Netscape -signed public key and challenge. This will usually come from -the \fB\s-1KEYGEN\s0\fR tag in an \s-1HTML\s0 form to create a new private key. -It is however possible to create SPKACs using the \fBspkac\fR utility. -.PP -The file should contain the variable \s-1SPKAC\s0 set to the value of -the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs. -If you need to include the same component twice then it can be -preceded by a number and a '.'. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Note: these examples assume that the \fBca\fR directory structure is -already set up and the relevant files already exist. This usually -involves creating a \s-1CA\s0 certificate and private key with \fBreq\fR, a -serial number file and an empty index file and placing them in -the relevant directories. -.PP -To use the sample configuration file below the directories demoCA, -demoCA/private and demoCA/newcerts would be created. The \s-1CA\s0 -certificate would be copied to demoCA/cacert.pem and its private -key to demoCA/private/cakey.pem. A file demoCA/serial would be -created containing for example \*(L"01\*(R" and the empty index file -demoCA/index.txt. -.PP -Sign a certificate request: -.PP -.Vb 1 -\& openssl ca -in req.pem -out newcert.pem -.Ve -Sign a certificate request, using \s-1CA\s0 extensions: -.PP -.Vb 1 -\& openssl ca -in req.pem -extensions v3_ca -out newcert.pem -.Ve -Generate a \s-1CRL\s0 -.PP -.Vb 1 -\& openssl ca -gencrl -out crl.pem -.Ve -Sign several requests: -.PP -.Vb 1 -\& openssl ca -infiles req1.pem req2.pem req3.pem -.Ve -Certify a Netscape \s-1SPKAC:\s0 -.PP -.Vb 1 -\& openssl ca -spkac spkac.txt -.Ve -A sample \s-1SPKAC\s0 file (the \s-1SPKAC\s0 line has been truncated for clarity): -.PP -.Vb 5 -\& SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5 -\& CN=Steve Test -\& emailAddress=steve@openssl.org -\& 0.OU=OpenSSL Group -\& 1.OU=Another Group -.Ve -A sample configuration file with the relevant sections for \fBca\fR: -.PP -.Vb 2 -\& [ ca ] -\& default_ca = CA_default # The default ca section -.Ve -.Vb 1 -\& [ CA_default ] -.Ve -.Vb 3 -\& dir = ./demoCA # top dir -\& database = $dir/index.txt # index file. -\& new_certs_dir = $dir/newcerts # new certs dir -.Ve -.Vb 4 -\& certificate = $dir/cacert.pem # The CA cert -\& serial = $dir/serial # serial no file -\& private_key = $dir/private/cakey.pem# CA private key -\& RANDFILE = $dir/private/.rand # random number file -.Ve -.Vb 3 -\& default_days = 365 # how long to certify for -\& default_crl_days= 30 # how long before next CRL -\& default_md = md5 # md to use -.Ve -.Vb 1 -\& policy = policy_any # default policy -.Ve -.Vb 7 -\& [ policy_any ] -\& countryName = supplied -\& stateOrProvinceName = optional -\& organizationName = optional -\& organizationalUnitName = optional -\& commonName = supplied -\& emailAddress = optional -.Ve -.SH "WARNINGS" -.IX Header "WARNINGS" -The \fBca\fR command is quirky and at times downright unfriendly. -.PP -The \fBca\fR utility was originally meant as an example of how to do things -in a \s-1CA\s0. It was not supposed be be used as a full blown \s-1CA\s0 itself: -nevertheless some people are using it for this purpose. -.PP -The \fBca\fR command is effectively a single user command: no locking is -done on the various files and attempts to run more than one \fBca\fR command -on the same database can have unpredictable results. -.SH "FILES" -.IX Header "FILES" -Note: the location of all files can change either by compile time options, -configuration file entries, environment variables or command line options. -The values below reflect the default values. -.PP -.Vb 10 -\& /usr/local/ssl/lib/openssl.cnf - master configuration file -\& ./demoCA - main CA directory -\& ./demoCA/cacert.pem - CA certificate -\& ./demoCA/private/cakey.pem - CA private key -\& ./demoCA/serial - CA serial number file -\& ./demoCA/serial.old - CA serial number backup file -\& ./demoCA/index.txt - CA text database file -\& ./demoCA/index.txt.old - CA text database backup file -\& ./demoCA/certs - certificate output file -\& ./demoCA/.rnd - CA random seed information -.Ve -.SH "ENVIRONMENT VARIABLES" -.IX Header "ENVIRONMENT VARIABLES" -\&\fB\s-1OPENSSL_CONF\s0\fR reflects the location of master configuration file it can -be overridden by the \fB\-config\fR command line option. -.SH "RESTRICTIONS" -.IX Header "RESTRICTIONS" -The text database index file is a critical part of the process and -if corrupted it can be difficult to fix. It is theoretically possible -to rebuild the index file from all the issued certificates and a current -\&\s-1CRL:\s0 however there is no option to do this. -.PP -\&\s-1CRL\s0 entry extensions cannot currently be created: only \s-1CRL\s0 extensions -can be added. -.PP -V2 \s-1CRL\s0 features like delta \s-1CRL\s0 support and \s-1CRL\s0 numbers are not currently -supported. -.PP -Although several requests can be input and handled at once it is only -possible to include one \s-1SPKAC\s0 or self signed certificate. -.SH "BUGS" -.IX Header "BUGS" -The use of an in memory text database can cause problems when large -numbers of certificates are present because, as the name implies -the database has to be kept in memory. -.PP -Certificate request extensions are ignored: some kind of \*(L"policy\*(R" should -be included to use certain static extensions and certain extensions -from the request. -.PP -It is not possible to certify two certificates with the same \s-1DN:\s0 this -is a side effect of how the text database is indexed and it cannot easily -be fixed without introducing other problems. Some S/MIME clients can use -two certificates with the same \s-1DN\s0 for separate signing and encryption -keys. -.PP -The \fBca\fR command really needs rewriting or the required functionality -exposed at either a command or interface level so a more friendly utility -(perl script or \s-1GUI\s0) can handle things properly. The scripts \fB\s-1CA\s0.sh\fR and -\&\fB\s-1CA\s0.pl\fR help a little but not very much. -.PP -Any fields in a request that are not present in a policy are silently -deleted. This does not happen if the \fB\-preserveDN\fR option is used but -the extra fields are not displayed when the user is asked to certify -a request. The behaviour should be more friendly and configurable. -.PP -Cancelling some commands by refusing to certify a certificate can -create an empty file. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -req(1), spkac(1), x509(1), CA.pl(1), -config(5) diff --git a/secure/lib/libcrypto/man/ciphers.1 b/secure/lib/libcrypto/man/ciphers.1 deleted file mode 100644 index 620a081..0000000 --- a/secure/lib/libcrypto/man/ciphers.1 +++ /dev/null @@ -1,447 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:40 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "CIPHERS 1" -.TH CIPHERS 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -ciphers \- \s-1SSL\s0 cipher display and cipher list tool. -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBciphers\fR -[\fB\-v\fR] -[\fB\-ssl2\fR] -[\fB\-ssl3\fR] -[\fB\-tls1\fR] -[\fBcipherlist\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBcipherlist\fR command converts OpenSSL cipher lists into ordered -\&\s-1SSL\s0 cipher preference lists. It can be used as a test tool to determine -the appropriate cipherlist. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-v\fR" 4 -.IX Item "-v" -verbose option. List ciphers with a complete description of -protocol version (SSLv2 or SSLv3; the latter includes \s-1TLS\s0), key exchange, -authentication, encryption and mac algorithms used along with any key size -restrictions and whether the algorithm is classed as an \*(L"export\*(R" cipher. -Note that without the \fB\-v\fR option, ciphers may seem to appear twice -in a cipher list; this is when similar ciphers are available for -\&\s-1SSL\s0 v2 and for \s-1SSL\s0 v3/TLS v1. -.Ip "\fB\-ssl3\fR" 4 -.IX Item "-ssl3" -only include \s-1SSL\s0 v3 ciphers. -.Ip "\fB\-ssl2\fR" 4 -.IX Item "-ssl2" -only include \s-1SSL\s0 v2 ciphers. -.Ip "\fB\-tls1\fR" 4 -.IX Item "-tls1" -only include \s-1TLS\s0 v1 ciphers. -.Ip "\fB\-h\fR, \fB\-?\fR" 4 -.IX Item "-h, -?" -print a brief usage message. -.Ip "\fBcipherlist\fR" 4 -.IX Item "cipherlist" -a cipher list to convert to a cipher preference list. If it is not included -then the default cipher list will be used. The format is described below. -.SH "CIPHER LIST FORMAT" -.IX Header "CIPHER LIST FORMAT" -The cipher list consists of one or more \fIcipher strings\fR separated by colons. -Commas or spaces are also acceptable separators but colons are normally used. -.PP -The actual cipher string can take several different forms. -.PP -It can consist of a single cipher suite such as \fB\s-1RC4\-SHA\s0\fR. -.PP -It can represent a list of cipher suites containing a certain algorithm, or -cipher suites of a certain type. For example \fB\s-1SHA1\s0\fR represents all ciphers -suites using the digest algorithm \s-1SHA1\s0 and \fBSSLv3\fR represents all \s-1SSL\s0 v3 -algorithms. -.PP -Lists of cipher suites can be combined in a single cipher string using the -\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example -\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0 -algorithms. -.PP -Each cipher string can be optionally preceded by the characters \fB!\fR, -\&\fB-\fR or \fB+\fR. -.PP -If \fB!\fR is used then the ciphers are permanently deleted from the list. -The ciphers deleted can never reappear in the list even if they are -explicitly stated. -.PP -If \fB-\fR is used then the ciphers are deleted from the list, but some or -all of the ciphers can be added again by later options. -.PP -If \fB+\fR is used then the ciphers are moved to the end of the list. This -option doesn't add any new ciphers it just moves matching existing ones. -.PP -If none of these characters is present then the string is just interpreted -as a list of ciphers to be appended to the current preference list. If the -list includes any ciphers already present they will be ignored: that is they -will not moved to the end of the list. -.PP -Additionally the cipher string \fB@STRENGTH\fR can be used at any point to sort -the current cipher list in order of encryption algorithm key length. -.SH "CIPHER STRINGS" -.IX Header "CIPHER STRINGS" -The following is a list of all permitted cipher strings and their meanings. -.Ip "\fB\s-1DEFAULT\s0\fR" 4 -.IX Item "DEFAULT" -the default cipher list. This is determined at compile time and is normally -\&\fB\s-1ALL:\s0!ADH:RC4+RSA:+SSLv2:@STRENGTH\fR. This must be the first cipher string -specified. -.Ip "\fB\s-1ALL\s0\fR" 4 -.IX Item "ALL" -all ciphers suites except the \fBeNULL\fR ciphers which must be explicitly enabled. -.Ip "\fB\s-1HIGH\s0\fR" 4 -.IX Item "HIGH" -\&\*(L"high\*(R" encryption cipher suites. This currently means those with key lengths larger -than 128 bits. -.Ip "\fB\s-1MEDIUM\s0\fR" 4 -.IX Item "MEDIUM" -\&\*(L"medium\*(R" encryption cipher suites, currently those using 128 bit encryption. -.Ip "\fB\s-1LOW\s0\fR" 4 -.IX Item "LOW" -\&\*(L"low\*(R" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms -but excluding export cipher suites. -.Ip "\fB\s-1EXP\s0\fR, \fB\s-1EXPORT\s0\fR" 4 -.IX Item "EXP, EXPORT" -export encryption algorithms. Including 40 and 56 bits algorithms. -.Ip "\fB\s-1EXPORT40\s0\fR" 4 -.IX Item "EXPORT40" -40 bit export encryption algorithms -.Ip "\fB\s-1EXPORT56\s0\fR" 4 -.IX Item "EXPORT56" -56 bit export encryption algorithms. -.Ip "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4 -.IX Item "eNULL, NULL" -the \*(L"\s-1NULL\s0\*(R" ciphers that is those offering no encryption. Because these offer no -encryption at all and are a security risk they are disabled unless explicitly -included. -.Ip "\fBaNULL\fR" 4 -.IX Item "aNULL" -the cipher suites offering no authentication. This is currently the anonymous -\&\s-1DH\s0 algorithms. These cipher suites are vulnerable to a \*(L"man in the middle\*(R" -attack and so their use is normally discouraged. -.Ip "\fBkRSA\fR, \fB\s-1RSA\s0\fR" 4 -.IX Item "kRSA, RSA" -cipher suites using \s-1RSA\s0 key exchange. -.Ip "\fBkEDH\fR" 4 -.IX Item "kEDH" -cipher suites using ephemeral \s-1DH\s0 key agreement. -.Ip "\fBkDHr\fR, \fBkDHd\fR" 4 -.IX Item "kDHr, kDHd" -cipher suites using \s-1DH\s0 key agreement and \s-1DH\s0 certificates signed by CAs with \s-1RSA\s0 -and \s-1DSS\s0 keys respectively. Not implemented. -.Ip "\fBaRSA\fR" 4 -.IX Item "aRSA" -cipher suites using \s-1RSA\s0 authentication, i.e. the certificates carry \s-1RSA\s0 keys. -.Ip "\fBaDSS\fR, \fB\s-1DSS\s0\fR" 4 -.IX Item "aDSS, DSS" -cipher suites using \s-1DSS\s0 authentication, i.e. the certificates carry \s-1DSS\s0 keys. -.Ip "\fBaDH\fR" 4 -.IX Item "aDH" -cipher suites effectively using \s-1DH\s0 authentication, i.e. the certificates carry -\&\s-1DH\s0 keys. Not implemented. -.Ip "\fBkFZA\fR, \fBaFZA\fR, \fBeFZA\fR, \fB\s-1FZA\s0\fR" 4 -.IX Item "kFZA, aFZA, eFZA, FZA" -ciphers suites using \s-1FORTEZZA\s0 key exchange, authentication, encryption or all -\&\s-1FORTEZZA\s0 algorithms. Not implemented. -.Ip "\fBTLSv1\fR, \fBSSLv3\fR, \fBSSLv2\fR" 4 -.IX Item "TLSv1, SSLv3, SSLv2" -\&\s-1TLS\s0 v1.0, \s-1SSL\s0 v3.0 or \s-1SSL\s0 v2.0 cipher suites respectively. -.Ip "\fB\s-1DH\s0\fR" 4 -.IX Item "DH" -cipher suites using \s-1DH\s0, including anonymous \s-1DH\s0. -.Ip "\fB\s-1ADH\s0\fR" 4 -.IX Item "ADH" -anonymous \s-1DH\s0 cipher suites. -.Ip "\fB3DES\fR" 4 -.IX Item "3DES" -cipher suites using triple \s-1DES\s0. -.Ip "\fB\s-1DES\s0\fR" 4 -.IX Item "DES" -cipher suites using \s-1DES\s0 (not triple \s-1DES\s0). -.Ip "\fB\s-1RC4\s0\fR" 4 -.IX Item "RC4" -cipher suites using \s-1RC4\s0. -.Ip "\fB\s-1RC2\s0\fR" 4 -.IX Item "RC2" -cipher suites using \s-1RC2\s0. -.Ip "\fB\s-1IDEA\s0\fR" 4 -.IX Item "IDEA" -cipher suites using \s-1IDEA\s0. -.Ip "\fB\s-1MD5\s0\fR" 4 -.IX Item "MD5" -cipher suites using \s-1MD5\s0. -.Ip "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4 -.IX Item "SHA1, SHA" -cipher suites using \s-1SHA1\s0. -.SH "CIPHER SUITE NAMES" -.IX Header "CIPHER SUITE NAMES" -The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the -relevant specification and their OpenSSL equivalents. -.Sh "\s-1SSL\s0 v3.0 cipher suites." -.IX Subsection "SSL v3.0 cipher suites." -.Vb 10 -\& SSL_RSA_WITH_NULL_MD5 NULL-MD5 -\& SSL_RSA_WITH_NULL_SHA NULL-SHA -\& SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 -\& SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 -\& SSL_RSA_WITH_RC4_128_SHA RC4-SHA -\& SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 -\& SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA -\& SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA -\& SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA -\& SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA -.Ve -.Vb 12 -\& SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. -\& SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented. -\& SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. -\& SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. -\& SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented. -\& SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. -\& SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA -\& SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA -\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA -\& SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA -\& SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA -\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA -.Ve -.Vb 5 -\& SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 -\& SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 -\& SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA -\& SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA -\& SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA -.Ve -.Vb 3 -\& SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. -\& SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. -\& SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. -.Ve -.Sh "\s-1TLS\s0 v1.0 cipher suites." -.IX Subsection "TLS v1.0 cipher suites." -.Vb 10 -\& TLS_RSA_WITH_NULL_MD5 NULL-MD5 -\& TLS_RSA_WITH_NULL_SHA NULL-SHA -\& TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 -\& TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 -\& TLS_RSA_WITH_RC4_128_SHA RC4-SHA -\& TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 -\& TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA -\& TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA -\& TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA -\& TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA -.Ve -.Vb 12 -\& TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. -\& TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented. -\& TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. -\& TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. -\& TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented. -\& TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. -\& TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA -\& TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA -\& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA -\& TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA -\& TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA -\& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA -.Ve -.Vb 5 -\& TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 -\& TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 -\& TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA -\& TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA -\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA -.Ve -.Sh "Additional Export 1024 and other cipher suites" -.IX Subsection "Additional Export 1024 and other cipher suites" -Note: these ciphers can also be used in \s-1SSL\s0 v3. -.PP -.Vb 5 -\& TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA -\& TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA -\& TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA -\& TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA -\& TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA -.Ve -.Sh "\s-1SSL\s0 v2.0 cipher suites." -.IX Subsection "SSL v2.0 cipher suites." -.Vb 7 -\& SSL_CK_RC4_128_WITH_MD5 RC4-MD5 -\& SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 -\& SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5 -\& SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5 -\& SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 -\& SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5 -\& SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 -.Ve -.SH "NOTES" -.IX Header "NOTES" -The non-ephemeral \s-1DH\s0 modes are currently unimplemented in OpenSSL -because there is no support for \s-1DH\s0 certificates. -.PP -Some compiled versions of OpenSSL may not include all the ciphers -listed here because some ciphers were excluded at compile time. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Verbose listing of all OpenSSL ciphers including \s-1NULL\s0 ciphers: -.PP -.Vb 1 -\& openssl ciphers -v 'ALL:eNULL' -.Ve -Include all ciphers except \s-1NULL\s0 and anonymous \s-1DH\s0 then sort by -strength: -.PP -.Vb 1 -\& openssl ciphers -v 'ALL:!ADH:@STRENGTH' -.Ve -Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last: -.PP -.Vb 1 -\& openssl ciphers -v '3DES:+RSA' -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -s_client(1), s_server(1), ssl(3) diff --git a/secure/lib/libcrypto/man/config.1 b/secure/lib/libcrypto/man/config.1 deleted file mode 100644 index ff88004..0000000 --- a/secure/lib/libcrypto/man/config.1 +++ /dev/null @@ -1,282 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Thu May 9 13:14:01 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "CONFIG 1" -.TH CONFIG 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" -.UC -.SH "NAME" -config \- OpenSSL \s-1CONF\s0 library configuration files -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The OpenSSL \s-1CONF\s0 library can be used to read configuration files. -It is used for the OpenSSL master configuration file \fBopenssl.cnf\fR -and in a few other places like \fB\s-1SPKAC\s0\fR files and certificate extension -files for the \fBx509\fR utility. -.PP -A configuration file is divided into a number of sections. Each section -starts with a line \fB[ section_name ]\fR and ends when a new section is -started or end of file is reached. A section name can consist of -alphanumeric characters and underscores. -.PP -The first section of a configuration file is special and is referred -to as the \fBdefault\fR section this is usually unnamed and is from the -start of file until the first named section. When a name is being looked up -it is first looked up in a named section (if any) and then the -default section. -.PP -The environment is mapped onto a section called \fB\s-1ENV\s0\fR. -.PP -Comments can be included by preceding them with the \fB#\fR character -.PP -Each section in a configuration file consists of a number of name and -value pairs of the form \fBname=value\fR -.PP -The \fBname\fR string can contain any alphanumeric characters as well as -a few punctuation symbols such as \fB.\fR \fB,\fR \fB;\fR and \fB_\fR. -.PP -The \fBvalue\fR string consists of the string following the \fB=\fR character -until end of line with any leading and trailing white space removed. -.PP -The value string undergoes variable expansion. This can be done by -including the form \fB$var\fR or \fB${var}\fR: this will substitute the value -of the named variable in the current section. It is also possible to -substitute a value from another section using the syntax \fB$section::name\fR -or \fB${section::name}\fR. By using the form \fB$ENV::name\fR environment -variables can be substituted. It is also possible to assign values to -environment variables by using the name \fB\s-1ENV:\s0:name\fR, this will work -if the program looks up environment variables using the \fB\s-1CONF\s0\fR library -instead of calling \fB\f(BIgetenv()\fB\fR directly. -.PP -It is possible to escape certain characters by using any kind of quote -or the \fB\e\fR character. By making the last character of a line a \fB\e\fR -a \fBvalue\fR string can be spread across multiple lines. In addition -the sequences \fB\en\fR, \fB\er\fR, \fB\eb\fR and \fB\et\fR are recognized. -.SH "NOTES" -.IX Header "NOTES" -If a configuration file attempts to expand a variable that doesn't exist -then an error is flagged and the file will not load. This can happen -if an attempt is made to expand an environment variable that doesn't -exist. For example the default OpenSSL master configuration file used -the value of \fB\s-1HOME\s0\fR which may not be defined on non Unix systems. -.PP -This can be worked around by including a \fBdefault\fR section to provide -a default value: then if the environment lookup fails the default value -will be used instead. For this to work properly the default value must -be defined earlier in the configuration file than the expansion. See -the \fB\s-1EXAMPLES\s0\fR section for an example of how to do this. -.PP -If the same variable exists in the same section then all but the last -value will be silently ignored. In certain circumstances such as with -DNs the same field may occur multiple times. This is usually worked -around by ignoring any characters before an initial \fB.\fR e.g. -.PP -.Vb 2 -\& 1.OU="My first OU" -\& 2.OU="My Second OU" -.Ve -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Here is a sample configuration file using some of the features -mentioned above. -.PP -.Vb 1 -\& # This is the default section. -.Ve -.Vb 3 -\& HOME=/temp -\& RANDFILE= ${ENV::HOME}/.rnd -\& configdir=$ENV::HOME/config -.Ve -.Vb 1 -\& [ section_one ] -.Ve -.Vb 1 -\& # We are now in section one. -.Ve -.Vb 2 -\& # Quotes permit leading and trailing whitespace -\& any = " any variable name " -.Ve -.Vb 3 -\& other = A string that can \e -\& cover several lines \e -\& by including \e\e characters -.Ve -.Vb 1 -\& message = Hello World\en -.Ve -.Vb 1 -\& [ section_two ] -.Ve -.Vb 1 -\& greeting = $section_one::message -.Ve -This next example shows how to expand environment variables safely. -.PP -Suppose you want a variable called \fBtmpfile\fR to refer to a -temporary filename. The directory it is placed in can determined by -the the \fB\s-1TEMP\s0\fR or \fB\s-1TMP\s0\fR environment variables but they may not be -set to any value at all. If you just include the environment variable -names and the variable doesn't exist then this will cause an error when -an attempt is made to load the configuration file. By making use of the -default section both values can be looked up with \fB\s-1TEMP\s0\fR taking -priority and \fB/tmp\fR used if neither is defined: -.PP -.Vb 5 -\& TMP=/tmp -\& # The above value is used if TMP isn't in the environment -\& TEMP=$ENV::TMP -\& # The above value is used if TEMP isn't in the environment -\& tmpfile=${ENV::TEMP}/tmp.filename -.Ve -.SH "BUGS" -.IX Header "BUGS" -Currently there is no way to include characters using the octal \fB\ennn\fR -form. Strings are all null terminated so nulls cannot form part of -the value. -.PP -The escaping isn't quite right: if you want to use sequences like \fB\en\fR -you can't use any quote escaping on the same line. -.PP -Files are loaded in a single pass. This means that an variable expansion -will only work if the variables referenced are defined earlier in the -file. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -x509(1), req(1), ca(1) diff --git a/secure/lib/libcrypto/man/config.5 b/secure/lib/libcrypto/man/config.5 deleted file mode 100644 index fbe41e1..0000000 --- a/secure/lib/libcrypto/man/config.5 +++ /dev/null @@ -1,282 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:41 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "config 5" -.TH config 5 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -config \- OpenSSL \s-1CONF\s0 library configuration files -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The OpenSSL \s-1CONF\s0 library can be used to read configuration files. -It is used for the OpenSSL master configuration file \fBopenssl.cnf\fR -and in a few other places like \fB\s-1SPKAC\s0\fR files and certificate extension -files for the \fBx509\fR utility. -.PP -A configuration file is divided into a number of sections. Each section -starts with a line \fB[ section_name ]\fR and ends when a new section is -started or end of file is reached. A section name can consist of -alphanumeric characters and underscores. -.PP -The first section of a configuration file is special and is referred -to as the \fBdefault\fR section this is usually unnamed and is from the -start of file until the first named section. When a name is being looked up -it is first looked up in a named section (if any) and then the -default section. -.PP -The environment is mapped onto a section called \fB\s-1ENV\s0\fR. -.PP -Comments can be included by preceding them with the \fB#\fR character -.PP -Each section in a configuration file consists of a number of name and -value pairs of the form \fBname=value\fR -.PP -The \fBname\fR string can contain any alphanumeric characters as well as -a few punctuation symbols such as \fB.\fR \fB,\fR \fB;\fR and \fB_\fR. -.PP -The \fBvalue\fR string consists of the string following the \fB=\fR character -until end of line with any leading and trailing white space removed. -.PP -The value string undergoes variable expansion. This can be done by -including the form \fB$var\fR or \fB${var}\fR: this will substitute the value -of the named variable in the current section. It is also possible to -substitute a value from another section using the syntax \fB$section::name\fR -or \fB${section::name}\fR. By using the form \fB$ENV::name\fR environment -variables can be substituted. It is also possible to assign values to -environment variables by using the name \fB\s-1ENV:\s0:name\fR, this will work -if the program looks up environment variables using the \fB\s-1CONF\s0\fR library -instead of calling \fB\f(BIgetenv()\fB\fR directly. -.PP -It is possible to escape certain characters by using any kind of quote -or the \fB\e\fR character. By making the last character of a line a \fB\e\fR -a \fBvalue\fR string can be spread across multiple lines. In addition -the sequences \fB\en\fR, \fB\er\fR, \fB\eb\fR and \fB\et\fR are recognized. -.SH "NOTES" -.IX Header "NOTES" -If a configuration file attempts to expand a variable that doesn't exist -then an error is flagged and the file will not load. This can happen -if an attempt is made to expand an environment variable that doesn't -exist. For example the default OpenSSL master configuration file used -the value of \fB\s-1HOME\s0\fR which may not be defined on non Unix systems. -.PP -This can be worked around by including a \fBdefault\fR section to provide -a default value: then if the environment lookup fails the default value -will be used instead. For this to work properly the default value must -be defined earlier in the configuration file than the expansion. See -the \fB\s-1EXAMPLES\s0\fR section for an example of how to do this. -.PP -If the same variable exists in the same section then all but the last -value will be silently ignored. In certain circumstances such as with -DNs the same field may occur multiple times. This is usually worked -around by ignoring any characters before an initial \fB.\fR e.g. -.PP -.Vb 2 -\& 1.OU="My first OU" -\& 2.OU="My Second OU" -.Ve -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Here is a sample configuration file using some of the features -mentioned above. -.PP -.Vb 1 -\& # This is the default section. -.Ve -.Vb 3 -\& HOME=/temp -\& RANDFILE= ${ENV::HOME}/.rnd -\& configdir=$ENV::HOME/config -.Ve -.Vb 1 -\& [ section_one ] -.Ve -.Vb 1 -\& # We are now in section one. -.Ve -.Vb 2 -\& # Quotes permit leading and trailing whitespace -\& any = " any variable name " -.Ve -.Vb 3 -\& other = A string that can \e -\& cover several lines \e -\& by including \e\e characters -.Ve -.Vb 1 -\& message = Hello World\en -.Ve -.Vb 1 -\& [ section_two ] -.Ve -.Vb 1 -\& greeting = $section_one::message -.Ve -This next example shows how to expand environment variables safely. -.PP -Suppose you want a variable called \fBtmpfile\fR to refer to a -temporary filename. The directory it is placed in can determined by -the the \fB\s-1TEMP\s0\fR or \fB\s-1TMP\s0\fR environment variables but they may not be -set to any value at all. If you just include the environment variable -names and the variable doesn't exist then this will cause an error when -an attempt is made to load the configuration file. By making use of the -default section both values can be looked up with \fB\s-1TEMP\s0\fR taking -priority and \fB/tmp\fR used if neither is defined: -.PP -.Vb 5 -\& TMP=/tmp -\& # The above value is used if TMP isn't in the environment -\& TEMP=$ENV::TMP -\& # The above value is used if TEMP isn't in the environment -\& tmpfile=${ENV::TEMP}/tmp.filename -.Ve -.SH "BUGS" -.IX Header "BUGS" -Currently there is no way to include characters using the octal \fB\ennn\fR -form. Strings are all null terminated so nulls cannot form part of -the value. -.PP -The escaping isn't quite right: if you want to use sequences like \fB\en\fR -you can't use any quote escaping on the same line. -.PP -Files are loaded in a single pass. This means that an variable expansion -will only work if the variables referenced are defined earlier in the -file. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -x509(1), req(1), ca(1) diff --git a/secure/lib/libcrypto/man/crl.1 b/secure/lib/libcrypto/man/crl.1 deleted file mode 100644 index 8c71fec..0000000 --- a/secure/lib/libcrypto/man/crl.1 +++ /dev/null @@ -1,237 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:42 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "CRL 1" -.TH CRL 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -crl \- \s-1CRL\s0 utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBcrl\fR -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-text\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-noout\fR] -[\fB\-hash\fR] -[\fB\-issuer\fR] -[\fB\-lastupdate\fR] -[\fB\-nextupdate\fR] -[\fB\-CAfile file\fR] -[\fB\-CApath dir\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBcrl\fR command processes \s-1CRL\s0 files in \s-1DER\s0 or \s-1PEM\s0 format. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0 -structure. \fB\s-1PEM\s0\fR (the default) is a base64 encoded version of -the \s-1DER\s0 form with header and footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read from or standard input if this -option is not specified. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -specifies the output filename to write to or standard output by -default. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -print out the \s-1CRL\s0 in text form. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -don't output the encoded version of the \s-1CRL\s0. -.Ip "\fB\-hash\fR" 4 -.IX Item "-hash" -output a hash of the issuer name. This can be use to lookup CRLs in -a directory by issuer name. -.Ip "\fB\-issuer\fR" 4 -.IX Item "-issuer" -output the issuer name. -.Ip "\fB\-lastupdate\fR" 4 -.IX Item "-lastupdate" -output the lastUpdate field. -.Ip "\fB\-nextupdate\fR" 4 -.IX Item "-nextupdate" -output the nextUpdate field. -.Ip "\fB\-CAfile file\fR" 4 -.IX Item "-CAfile file" -verify the signature on a \s-1CRL\s0 by looking up the issuing certificate in -\&\fBfile\fR -.Ip "\fB\-CApath dir\fR" 4 -.IX Item "-CApath dir" -verify the signature on a \s-1CRL\s0 by looking up the issuing certificate in -\&\fBdir\fR. This directory must be a standard certificate directory: that -is a hash of each subject name (using \fBx509 \-hash\fR) should be linked -to each certificate. -.SH "NOTES" -.IX Header "NOTES" -The \s-1PEM\s0 \s-1CRL\s0 format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN X509 CRL----- -\& -----END X509 CRL----- -.Ve -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Convert a \s-1CRL\s0 file from \s-1PEM\s0 to \s-1DER:\s0 -.PP -.Vb 1 -\& openssl crl -in crl.pem -outform DER -out crl.der -.Ve -Output the text form of a \s-1DER\s0 encoded certificate: -.PP -.Vb 1 -\& openssl crl -in crl.der -text -noout -.Ve -.SH "BUGS" -.IX Header "BUGS" -Ideally it should be possible to create a \s-1CRL\s0 using appropriate options -and files too. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -crl2pkcs7(1), ca(1), x509(1) diff --git a/secure/lib/libcrypto/man/crl2pkcs7.1 b/secure/lib/libcrypto/man/crl2pkcs7.1 deleted file mode 100644 index 0cb8dd9..0000000 --- a/secure/lib/libcrypto/man/crl2pkcs7.1 +++ /dev/null @@ -1,216 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:42 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -crl2pkcs7 \- Create a PKCS#7 structure from a \s-1CRL\s0 and certificates. -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBcrl2pkcs7\fR -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-certfile filename\fR] -[\fB\-nocrl\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBcrl2pkcs7\fR command takes an optional \s-1CRL\s0 and one or more -certificates and converts them into a PKCS#7 degenerate \*(L"certificates -only\*(R" structure. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the \s-1CRL\s0 input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0 -structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of -the \s-1DER\s0 form with header and footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the PKCS#7 structure output format. \fB\s-1DER\s0\fR format is \s-1DER\s0 -encoded PKCS#7 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of -the \s-1DER\s0 form with header and footer lines. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read a \s-1CRL\s0 from or standard input if this -option is not specified. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -specifies the output filename to write the PKCS#7 structure to or standard -output by default. -.Ip "\fB\-certfile filename\fR" 4 -.IX Item "-certfile filename" -specifies a filename containing one or more certificates in \fB\s-1PEM\s0\fR format. -All certificates in the file will be added to the PKCS#7 structure. This -option can be used more than once to read certificates form multiple -files. -.Ip "\fB\-nocrl\fR" 4 -.IX Item "-nocrl" -normally a \s-1CRL\s0 is included in the output file. With this option no \s-1CRL\s0 is -included in the output file and a \s-1CRL\s0 is not read from the input file. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Create a PKCS#7 structure from a certificate and \s-1CRL:\s0 -.PP -.Vb 1 -\& openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem -.Ve -Creates a PKCS#7 structure in \s-1DER\s0 format with no \s-1CRL\s0 from several -different certificates: -.PP -.Vb 2 -\& openssl crl2pkcs7 -nocrl -certfile newcert.pem -\& -certfile demoCA/cacert.pem -outform DER -out p7.der -.Ve -.SH "NOTES" -.IX Header "NOTES" -The output file is a PKCS#7 signed data structure containing no signers and -just certificates and an optional \s-1CRL\s0. -.PP -This utility can be used to send certificates and CAs to Netscape as part of -the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output -as \s-1MIME\s0 type application/x-x509\-user-cert. -.PP -The \fB\s-1PEM\s0\fR encoded form with the header and footer lines removed can be used to -install user certificates and CAs in \s-1MSIE\s0 using the Xenroll control. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -pkcs7(1) diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3 index 38ef4b6..2152f83 100644 --- a/secure/lib/libcrypto/man/crypto.3 +++ b/secure/lib/libcrypto/man/crypto.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:00 2002 +.\" Mon Jan 13 19:28:59 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "crypto 3" -.TH crypto 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH crypto 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" crypto \- OpenSSL cryptographic library @@ -187,6 +187,22 @@ pkcs7(3), pkcs12(3) bn(3), buffer(3), lhash(3), objects(3), stack(3), txt_db(3) +.SH "NOTES" +.IX Header "NOTES" +Some of the newer functions follow a naming convention using the numbers +\&\fB0\fR and \fB1\fR. For example the functions: +.PP +.Vb 2 +\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +\& int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); +.Ve +The \fB0\fR version uses the supplied structure pointer directly +in the parent and it will be freed up when the parent is freed. +In the above example \fBcrl\fR would be freed but \fBrev\fR would not. +.PP +The \fB1\fR function uses a copy of the supplied structure pointer +(or in some cases increases its link count) in the parent and +so both (\fBx\fR and \fBobj\fR above) should be freed up. .SH "SEE ALSO" .IX Header "SEE ALSO" openssl(1), ssl(3) diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 new file mode 100644 index 0000000..a1579df --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 @@ -0,0 +1,165 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:00 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_ASN1_OBJECT 3" +.TH d2i_ASN1_OBJECT 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/objects.h> +.Ve +.Vb 2 +\& ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length); +\& int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 index 845a38c..deda229 100644 --- a/secure/lib/libcrypto/man/d2i_DHparams.3 +++ b/secure/lib/libcrypto/man/d2i_DHparams.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:01 2002 +.\" Mon Jan 13 19:29:01 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,10 +138,10 @@ .\" ====================================================================== .\" .IX Title "d2i_DHparams 3" -.TH d2i_DHparams 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH d2i_DHparams 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -d2i_DHparams, i2d_DHparams \- ... +d2i_DHparams, i2d_DHparams \- PKCS#3 \s-1DH\s0 parameter functions. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -153,13 +153,14 @@ d2i_DHparams, i2d_DHparams \- ... .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&... -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&... +These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the +DHparameter structure described in PKCS#3. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&... +d2i_X509(3) .SH "HISTORY" .IX Header "HISTORY" -\&... +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/dsaparam.1 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 index f400104..faef90d 100644 --- a/secure/lib/libcrypto/man/dsaparam.1 +++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:45 2002 +.\" Mon Jan 13 19:29:02 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,86 +137,90 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "d2i_DSAPublicKey 3" +.TH d2i_DSAPublicKey 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -dsaparam \- \s-1DSA\s0 parameter manipulation and generation +d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey, +d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG \- \s-1DSA\s0 key encoding +and parsing functions. .SH "SYNOPSIS" .IX Header "SYNOPSIS" -\&\fBopenssl dsaparam\fR -[\fB\-inform DER|PEM\fR] -[\fB\-outform DER|PEM\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-noout\fR] -[\fB\-text\fR] -[\fB\-C\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -[\fB\-genkey\fR] -[\fBnumbits\fR] +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 1 +\& DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSAparams(const DSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -This command is used to manipulate or generate \s-1DSA\s0 parameter files. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -form compatible with \s-1RFC2459\s0 (\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting -of p, q and g respectively. The \s-1PEM\s0 form is the default format: it consists -of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read parameters from or standard input if -this option is not specified. If the \fBnumbits\fR parameter is included then -this option will be ignored. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename parameters to. Standard output is used -if this option is not present. The output filename should \fBnot\fR be the same -as the input filename. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option inhibits the output of the encoded version of the parameters. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -this option prints out the \s-1DSA\s0 parameters in human readable form. -.Ip "\fB\-C\fR" 4 -.IX Item "-C" -this option converts the parameters into C code. The parameters can then -be loaded by calling the \fB\f(BIget_dsaXXX()\fB\fR function. -.Ip "\fB\-genkey\fR" 4 -.IX Item "-genkey" -this option will generate a \s-1DSA\s0 either using the specified or generated -parameters. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fBnumbits\fR" 4 -.IX Item "numbits" -this option specifies that a parameter set should be generated of size -\&\fBnumbits\fR. It must be the last option. If this option is included then -the input file (if any) is ignored. +\&\fId2i_DSAPublicKey()\fR and \fIi2d_DSAPublicKey()\fR decode and encode the \s-1DSA\s0 public key +components structure. +.PP +\&\fId2i_DSA_PUKEY()\fR and \fIi2d_DSA_PUKEY()\fR decode and encode an \s-1DSA\s0 public key using a +SubjectPublicKeyInfo (certificate public key) structure. +.PP +\&\fId2i_DSAPrivateKey()\fR, \fIi2d_DSAPrivateKey()\fR decode and encode the \s-1DSA\s0 private key +components. +.PP +\&\fId2i_DSAparams()\fR, \fIi2d_DSAparams()\fR decode and encode the \s-1DSA\s0 parameters using +a \fBDss-Parms\fR structure as defined in \s-1RFC2459\s0. +.PP +\&\fId2i_DSA_SIG()\fR, \fIi2d_DSA_SIG()\fR decode and encode a \s-1DSA\s0 signature using a +\&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459\s0. +.PP +The usage of all of these functions is similar to the \fId2i_X509()\fR and +\&\fIi2d_X509()\fR described in the d2i_X509(3) manual page. .SH "NOTES" .IX Header "NOTES" -\&\s-1PEM\s0 format \s-1DSA\s0 parameters use the header and footer lines: +The \fB\s-1DSA\s0\fR structure passed to the private key encoding functions should have +all the private key components present. .PP -.Vb 2 -\& -----BEGIN DSA PARAMETERS----- -\& -----END DSA PARAMETERS----- -.Ve -\&\s-1DSA\s0 parameter generation is a slow process and as a result the same set of -\&\s-1DSA\s0 parameters is often used to generate several distinct keys. +The data encoded by the private key functions is unencrypted and therefore +offers no private key security. +.PP +The \fB\s-1DSA_PUBKEY\s0\fR functions should be used in preference to the \fBDSAPublicKey\fR +functions when encoding public keys because they use a standard format. +.PP +The \fBDSAPublicKey\fR functions use an non standard format the actual data encoded +depends on the value of the \fBwrite_params\fR field of the \fBa\fR key parameter. +If \fBwrite_params\fR is zero then only the \fBpub_key\fR field is encoded as an +\&\fB\s-1INTEGER\s0\fR. If \fBwrite_params\fR is 1 then a \fB\s-1SEQUENCE\s0\fR consisting of the +\&\fBp\fR, \fBq\fR, \fBg\fR and \fBpub_key\fR respectively fields are encoded. +.PP +The \fBDSAPrivateKey\fR functions also use a non standard structure consiting +consisting of a \s-1SEQUENCE\s0 containing the \fBp\fR, \fBq\fR, \fBg\fR and \fBpub_key\fR and +\&\fBpriv_key\fR fields respectively. .SH "SEE ALSO" .IX Header "SEE ALSO" -gendsa(1), dsa(1), genrsa(1), -rsa(1) +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 new file mode 100644 index 0000000..3e233b9 --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:03 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_PKCS8PrivateKey 3" +.TH d2i_PKCS8PrivateKey 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp \- PKCS#8 format private key functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 2 +\& EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); +\& EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The PKCS#8 functions encode and decode private keys in PKCS#8 format using both +PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms. +.PP +Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the +corresponding \fB\s-1PEM\s0\fR function as described in the pem(3) manual page. +.SH "NOTES" +.IX Header "NOTES" +Before using these functions OpenSSL_add_all_algorithms(3) +should be called to initialize the internal algorithm lookup tables otherwise errors about +unknown algorithms will occur if an attempt is made to decrypt a private key. +.PP +These functions are currently the only way to store encrypted private keys using \s-1DER\s0 format. +.PP +Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which +work directly on memory: this can be readily worked around by converting the buffers +to memory BIOs, see BIO_s_mem(3) for details. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +pem(3) diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 index 97a381b..06bed77 100644 --- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:01 2002 +.\" Mon Jan 13 19:29:04 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,10 +138,12 @@ .\" ====================================================================== .\" .IX Title "d2i_RSAPublicKey 3" -.TH d2i_RSAPublicKey 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH d2i_RSAPublicKey 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA \- ... +d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, +d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA, +d2i_Netscape_RSA \- \s-1RSA\s0 public and private key encoding functions. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -154,6 +156,12 @@ d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Ne \& int i2d_RSAPublicKey(RSA *a, unsigned char **pp); .Ve .Vb 1 +\& RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp); +.Ve +.Vb 1 \& RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); .Ve .Vb 1 @@ -167,13 +175,34 @@ d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Ne .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&... -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&... +\&\fId2i_RSAPublicKey()\fR and \fIi2d_RSAPublicKey()\fR decode and encode a PKCS#1 RSAPublicKey +structure. +.PP +\&\fId2i_RSA_PUKEY()\fR and \fIi2d_RSA_PUKEY()\fR decode and encode an \s-1RSA\s0 public key using a +SubjectPublicKeyInfo (certificate public key) structure. +.PP +\&\fId2i_RSAPrivateKey()\fR, \fIi2d_RSAPrivateKey()\fR decode and encode a PKCS#1 RSAPrivateKey +structure. +.PP +\&\fId2i_Netscape_RSA()\fR, \fIi2d_Netscape_RSA()\fR decode and encode an \s-1RSA\s0 private key in +\&\s-1NET\s0 format. +.PP +The usage of all of these functions is similar to the \fId2i_X509()\fR and +\&\fIi2d_X509()\fR described in the d2i_X509(3) manual page. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1RSA\s0\fR structure passed to the private key encoding functions should have +all the PKCS#1 private key components present. +.PP +The data encoded by the private key functions is unencrypted and therefore +offers no private key security. +.PP +The \s-1NET\s0 format functions are present to provide compatibility with certain very +old software. This format has some severe security weaknesses and should be +avoided if possible. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&... +d2i_X509(3) .SH "HISTORY" .IX Header "HISTORY" -\&... +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 new file mode 100644 index 0000000..c69f3de --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -0,0 +1,396 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:05 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509 3" +.TH d2i_X509 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio, +i2d_X509_fp \- X509 encode and decode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509 *d2i_X509(X509 **px, unsigned char **in, int len); +\& int i2d_X509(X509 *x, unsigned char **out); +.Ve +.Vb 2 +\& X509 *d2i_X509_bio(BIO *bp, X509 **x); +\& X509 *d2i_X509_fp(FILE *fp, X509 **x); +.Ve +.Vb 2 +\& int i2d_X509_bio(X509 *x, BIO *bp); +\& int i2d_X509_fp(X509 *x, FILE *fp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 encode and decode routines encode and parse an +\&\fBX509\fR structure, which represents an X509 certificate. +.PP +\&\fId2i_X509()\fR attempts to decode \fBlen\fR bytes at \fB*out\fR. If +successful a pointer to the \fBX509\fR structure is returned. If an error +occurred then \fB\s-1NULL\s0\fR is returned. If \fBpx\fR is not \fB\s-1NULL\s0\fR then the +returned structure is written to \fB*px\fR. If \fB*px\fR is not \fB\s-1NULL\s0\fR +then it is assumed that \fB*px\fR contains a valid \fBX509\fR +structure and an attempt is made to reuse it. If the call is +successful \fB*out\fR is incremented to the byte following the +parsed data. +.PP +\&\fIi2d_X509()\fR encodes the structure pointed to by \fBx\fR into \s-1DER\s0 format. +If \fBout\fR is not \fB\s-1NULL\s0\fR is writes the \s-1DER\s0 encoded data to the buffer +at \fB*out\fR, and increments it to point after the data just written. +If the return value is negative an error occurred, otherwise it +returns the length of the encoded data. +.PP +For OpenSSL 0.9.7 and later if \fB*out\fR is \fB\s-1NULL\s0\fR memory will be +allocated for a buffer and the encoded data written to it. In this +case \fB*out\fR is not incremented and it points to the start of the +data just written. +.PP +\&\fId2i_X509_bio()\fR is similar to \fId2i_X509()\fR except it attempts +to parse data from \s-1BIO\s0 \fBbp\fR. +.PP +\&\fId2i_X509_fp()\fR is similar to \fId2i_X509()\fR except it attempts +to parse data from \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fIi2d_X509_bio()\fR is similar to \fIi2d_X509()\fR except it writes +the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it +returns 1 for success and 0 for failure. +.PP +\&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes +the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it +returns 1 for success and 0 for failure. +.SH "NOTES" +.IX Header "NOTES" +The letters \fBi\fR and \fBd\fR in for example \fBi2d_X509\fR stand for +\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\s0\*(R". So that +\&\fBi2d_X509\fR converts from internal to \s-1DER\s0. +.PP +The functions can also understand \fB\s-1BER\s0\fR forms. +.PP +The actual X509 structure passed to \fIi2d_X509()\fR must be a valid +populated \fBX509\fR structure it can \fBnot\fR simply be fed with an +empty structure such as that returned by \fIX509_new()\fR. +.PP +The encoded data is in binary form and may contain embedded zeroes. +Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. +Functions such as \fB\f(BIstrlen()\fB\fR will \fBnot\fR return the correct length +of the encoded structure. +.PP +The ways that \fB*in\fR and \fB*out\fR are incremented after the operation +can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common +errors. +.PP +The reason for the auto increment behaviour is to reflect a typical +usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded +another will processed after it. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Allocate and encode the \s-1DER\s0 encoding of an X509 structure: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf, *p; +.Ve +.Vb 1 +\& len = i2d_X509(x, NULL); +.Ve +.Vb 1 +\& buf = OPENSSL_malloc(len); +.Ve +.Vb 2 +\& if (buf == NULL) +\& /* error */ +.Ve +.Vb 1 +\& p = buf; +.Ve +.Vb 1 +\& i2d_X509(x, &p); +.Ve +If you are using OpenSSL 0.9.7 or later then this can be +simplified to: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +.Ve +.Vb 1 +\& buf = NULL; +.Ve +.Vb 1 +\& len = i2d_X509(x, &buf); +.Ve +.Vb 2 +\& if (len < 0) +\& /* error */ +.Ve +Attempt to decode a buffer: +.PP +.Vb 1 +\& X509 *x; +.Ve +.Vb 1 +\& unsigned char *buf, *p; +.Ve +.Vb 1 +\& int len; +.Ve +.Vb 1 +\& /* Something to setup buf and len */ +.Ve +.Vb 1 +\& p = buf; +.Ve +.Vb 1 +\& x = d2i_X509(NULL, &p, len); +.Ve +.Vb 2 +\& if (x == NULL) +\& /* Some error */ +.Ve +Alternative technique: +.PP +.Vb 1 +\& X509 *x; +.Ve +.Vb 1 +\& unsigned char *buf, *p; +.Ve +.Vb 1 +\& int len; +.Ve +.Vb 1 +\& /* Something to setup buf and len */ +.Ve +.Vb 1 +\& p = buf; +.Ve +.Vb 1 +\& x = NULL; +.Ve +.Vb 2 +\& if(!d2i_X509(&x, &p, len)) +\& /* Some error */ +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +The use of temporary variable is mandatory. A common +mistake is to attempt to use a buffer directly as follows: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +.Ve +.Vb 1 +\& len = i2d_X509(x, NULL); +.Ve +.Vb 1 +\& buf = OPENSSL_malloc(len); +.Ve +.Vb 2 +\& if (buf == NULL) +\& /* error */ +.Ve +.Vb 1 +\& i2d_X509(x, &buf); +.Ve +.Vb 1 +\& /* Other stuff ... */ +.Ve +.Vb 1 +\& OPENSSL_free(buf); +.Ve +This code will result in \fBbuf\fR apparently containing garbage because +it was incremented after the call to point after the data just written. +Also \fBbuf\fR will no longer contain the pointer allocated by \fB\f(BIOPENSSL_malloc()\fB\fR +and the subsequent call to \fB\f(BIOPENSSL_free()\fB\fR may well crash. +.PP +The auto allocation feature (setting buf to \s-1NULL\s0) only works on OpenSSL +0.9.7 and later. Attempts to use it on earlier versions will typically +cause a segmentation violation. +.PP +Another trap to avoid is misuse of the \fBxp\fR argument to \fB\f(BId2i_X509()\fB\fR: +.PP +.Vb 1 +\& X509 *x; +.Ve +.Vb 2 +\& if (!d2i_X509(&x, &p, len)) +\& /* Some error */ +.Ve +This will probably crash somewhere in \fB\f(BId2i_X509()\fB\fR. The reason for this +is that the variable \fBx\fR is uninitialized and an attempt will be made to +interpret its (invalid) value as an \fBX509\fR structure, typically causing +a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not +happen. +.SH "BUGS" +.IX Header "BUGS" +In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fId2i_X509()\fR when +\&\fB*px\fR is valid is broken and some parts of the reused structure may +persist if they are not present in the new one. As a result the use +of this \*(L"reuse\*(R" behaviour is strongly discouraged. +.PP +\&\fIi2d_X509()\fR will not return an error in many versions of OpenSSL, +if mandatory fields are not initialized due to a programming error +then the encoded structure may contain invalid data or omit the +fields entirely and will not be parsed by \fId2i_X509()\fR. This may be +fixed in future so code should not assume that \fIi2d_X509()\fR will +always succeed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_X509()\fR, \fId2i_X509_bio()\fR and \fId2i_X509_fp()\fR return a valid \fBX509\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. The error code that can be obtained by +ERR_get_error(3). +.PP +\&\fIi2d_X509()\fR, \fIi2d_X509_bio()\fR and \fIi2d_X509_fp()\fR return a the number of bytes +successfully encoded or a negative value if an error occurs. The error code +can be obtained by ERR_get_error(3). +.PP +\&\fIi2d_X509_bio()\fR and \fIi2d_X509_fp()\fR returns 1 for success and 0 if an error +occurs The error code can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" +d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp +are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 new file mode 100644 index 0000000..24838af --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 @@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:07 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509_ALGOR 3" +.TH d2i_X509_ALGOR 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509_ALGOR, i2d_X509_ALGOR \- AlgorithmIdentifier functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length); +\& int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an \fBX509_ALGOR\fR structure which is +equivalent to the \fBAlgorithmIdentifier\fR structure. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3 new file mode 100644 index 0000000..f1edd3b --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:08 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509_CRL 3" +.TH d2i_X509_CRL 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp, +i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certificate request functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length); +\& int i2d_X509_CRL(X509_CRL *a, unsigned char **pp); +.Ve +.Vb 2 +\& X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x); +\& X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x); +.Ve +.Vb 2 +\& int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp); +\& int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an X509 \s-1CRL\s0 (certificate revocation +list). +.PP +Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3 new file mode 100644 index 0000000..a58596a --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3 @@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:09 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509_NAME 3" +.TH d2i_X509_NAME 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length); +\& int i2d_X509_NAME(X509_NAME *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an \fBX509_NAME\fR structure which is the +the same as the \fBName\fR type defined in \s-1RFC2459\s0 (and elsewhere) and used +for example in certificate subject and issuer names. +.PP +Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3 new file mode 100644 index 0000000..6e2544c --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:10 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509_REQ 3" +.TH d2i_X509_REQ 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp, +i2d_X509_REQ_bio, i2d_X509_REQ_fp \- PKCS#10 certificate request functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length); +\& int i2d_X509_REQ(X509_REQ *a, unsigned char **pp); +.Ve +.Vb 2 +\& X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x); +\& X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x); +.Ve +.Vb 2 +\& int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp); +\& int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode a PKCS#10 certificate request. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3 new file mode 100644 index 0000000..04c8bf8 --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3 @@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:11 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509_SIG 3" +.TH d2i_X509_SIG 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509_SIG, i2d_X509_SIG \- DigestInfo functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length); +\& int i2d_X509_SIG(X509_SIG *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an X509_SIG structure which is +equivalent to the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3 index b046d59..a937fdc 100644 --- a/secure/lib/libcrypto/man/des.3 +++ b/secure/lib/libcrypto/man/des.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:02 2002 +.\" Mon Jan 13 19:29:12 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,128 +138,119 @@ .\" ====================================================================== .\" .IX Title "des 3" -.TH des 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH des 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -des_random_key, des_set_key, des_key_sched, des_set_key_checked, -des_set_key_unchecked, des_set_odd_parity, des_is_weak_key, -des_ecb_encrypt, des_ecb2_encrypt, des_ecb3_encrypt, des_ncbc_encrypt, -des_cfb_encrypt, des_ofb_encrypt, des_pcbc_encrypt, des_cfb64_encrypt, -des_ofb64_encrypt, des_xcbc_encrypt, des_ede2_cbc_encrypt, -des_ede2_cfb64_encrypt, des_ede2_ofb64_encrypt, des_ede3_cbc_encrypt, -des_ede3_cbcm_encrypt, des_ede3_cfb64_encrypt, des_ede3_ofb64_encrypt, -des_read_password, des_read_2passwords, des_read_pw_string, -des_cbc_cksum, des_quad_cksum, des_string_to_key, des_string_to_2keys, -des_fcrypt, des_crypt, des_enc_read, des_enc_write \- \s-1DES\s0 encryption +DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, +DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, +DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, +DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, +DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, +DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, +DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, +DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, +DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write \- \s-1DES\s0 encryption .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/des.h> .Ve .Vb 1 -\& void des_random_key(des_cblock *ret); +\& void DES_random_key(DES_cblock *ret); .Ve .Vb 6 -\& int des_set_key(const_des_cblock *key, des_key_schedule schedule); -\& int des_key_sched(const_des_cblock *key, des_key_schedule schedule); -\& int des_set_key_checked(const_des_cblock *key, -\& des_key_schedule schedule); -\& void des_set_key_unchecked(const_des_cblock *key, -\& des_key_schedule schedule); +\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_set_key_checked(const_DES_cblock *key, +\& DES_key_schedule *schedule); +\& void DES_set_key_unchecked(const_DES_cblock *key, +\& DES_key_schedule *schedule); .Ve .Vb 2 -\& void des_set_odd_parity(des_cblock *key); -\& int des_is_weak_key(const_des_cblock *key); +\& void DES_set_odd_parity(DES_cblock *key); +\& int DES_is_weak_key(const_DES_cblock *key); .Ve .Vb 7 -\& void des_ecb_encrypt(const_des_cblock *input, des_cblock *output, -\& des_key_schedule ks, int enc); -\& void des_ecb2_encrypt(const_des_cblock *input, des_cblock *output, -\& des_key_schedule ks1, des_key_schedule ks2, int enc); -\& void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output, -\& des_key_schedule ks1, des_key_schedule ks2, -\& des_key_schedule ks3, int enc); +\& void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks, int enc); +\& void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, int enc); +\& void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, int enc); .Ve .Vb 18 -\& void des_ncbc_encrypt(const unsigned char *input, unsigned char *output, -\& long length, des_key_schedule schedule, des_cblock *ivec, +\& void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, \& int enc); -\& void des_cfb_encrypt(const unsigned char *in, unsigned char *out, -\& int numbits, long length, des_key_schedule schedule, -\& des_cblock *ivec, int enc); -\& void des_ofb_encrypt(const unsigned char *in, unsigned char *out, -\& int numbits, long length, des_key_schedule schedule, -\& des_cblock *ivec); -\& void des_pcbc_encrypt(const unsigned char *input, unsigned char *output, -\& long length, des_key_schedule schedule, des_cblock *ivec, +\& void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec, int enc); +\& void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec); +\& void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, \& int enc); -\& void des_cfb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule schedule, des_cblock *ivec, +\& void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, \& int *num, int enc); -\& void des_ofb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule schedule, des_cblock *ivec, +\& void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, \& int *num); .Ve .Vb 3 -\& void des_xcbc_encrypt(const unsigned char *input, unsigned char *output, -\& long length, des_key_schedule schedule, des_cblock *ivec, -\& const_des_cblock *inw, const_des_cblock *outw, int enc); +\& void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& const_DES_cblock *inw, const_DES_cblock *outw, int enc); .Ve .Vb 9 -\& void des_ede2_cbc_encrypt(const unsigned char *input, -\& unsigned char *output, long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_cblock *ivec, int enc); -\& void des_ede2_cfb64_encrypt(const unsigned char *in, -\& unsigned char *out, long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_cblock *ivec, int *num, int enc); -\& void des_ede2_ofb64_encrypt(const unsigned char *in, -\& unsigned char *out, long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_cblock *ivec, int *num); +\& void DES_ede2_cbc_encrypt(const unsigned char *input, +\& unsigned char *output, long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int enc); +\& void DES_ede2_cfb64_encrypt(const unsigned char *in, +\& unsigned char *out, long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc); +\& void DES_ede2_ofb64_encrypt(const unsigned char *in, +\& unsigned char *out, long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int *num); .Ve .Vb 15 -\& void des_ede3_cbc_encrypt(const unsigned char *input, -\& unsigned char *output, long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, +\& void DES_ede3_cbc_encrypt(const unsigned char *input, +\& unsigned char *output, long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, \& int enc); -\& void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule ks1, des_key_schedule ks2, -\& des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2, +\& void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, \& int enc); -\& void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule ks1, des_key_schedule ks2, -\& des_key_schedule ks3, des_cblock *ivec, int *num, int enc); -\& void des_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_key_schedule ks3, -\& des_cblock *ivec, int *num); -.Ve -.Vb 5 -\& int des_read_password(des_cblock *key, const char *prompt, int verify); -\& int des_read_2passwords(des_cblock *key1, des_cblock *key2, -\& const char *prompt, int verify); -\& int des_read_pw_string(char *buf, int length, const char *prompt, -\& int verify); +\& void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc); +\& void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int *num); .Ve .Vb 8 -\& DES_LONG des_cbc_cksum(const unsigned char *input, des_cblock *output, -\& long length, des_key_schedule schedule, -\& const_des_cblock *ivec); -\& DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[], -\& long length, int out_count, des_cblock *seed); -\& void des_string_to_key(const char *str, des_cblock *key); -\& void des_string_to_2keys(const char *str, des_cblock *key1, -\& des_cblock *key2); +\& DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, +\& long length, DES_key_schedule *schedule, +\& const_DES_cblock *ivec); +\& DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], +\& long length, int out_count, DES_cblock *seed); +\& void DES_string_to_key(const char *str, DES_cblock *key); +\& void DES_string_to_2keys(const char *str, DES_cblock *key1, +\& DES_cblock *key2); .Ve -.Vb 3 -\& char *des_fcrypt(const char *buf, const char *salt, char *ret); -\& char *des_crypt(const char *buf, const char *salt); -\& char *crypt(const char *buf, const char *salt); +.Vb 2 +\& char *DES_fcrypt(const char *buf, const char *salt, char *ret); +\& char *DES_crypt(const char *buf, const char *salt); .Ve .Vb 4 -\& int des_enc_read(int fd, void *buf, int len, des_key_schedule sched, -\& des_cblock *iv); -\& int des_enc_write(int fd, const void *buf, int len, -\& des_key_schedule sched, des_cblock *iv); +\& int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, +\& DES_cblock *iv); +\& int DES_enc_write(int fd, const void *buf, int len, +\& DES_key_schedule *sched, DES_cblock *iv); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -267,56 +258,52 @@ This library contains a fast implementation of the \s-1DES\s0 encryption algorithm. .PP There are two phases to the use of \s-1DES\s0 encryption. The first is the -generation of a \fIdes_key_schedule\fR from a key, the second is the -actual encryption. A \s-1DES\s0 key is of type \fIdes_cblock\fR. This type is +generation of a \fIDES_key_schedule\fR from a key, the second is the +actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type is consists of 8 bytes with odd parity. The least significant bit in each byte is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process. .PP -\&\fIdes_random_key()\fR generates a random key. The \s-1PRNG\s0 must be seeded -prior to using this function (see rand(3); for backward -compatibility the function \fIdes_random_seed()\fR is available as well). -If the \s-1PRNG\s0 could not generate a secure key, 0 is returned. In -earlier versions of the library, \fIdes_random_key()\fR did not generate -secure keys. +\&\fIDES_random_key()\fR generates a random key. The \s-1PRNG\s0 must be seeded +prior to using this function (see rand(3)). If the \s-1PRNG\s0 +could not generate a secure key, 0 is returned. .PP Before a \s-1DES\s0 key can be used, it must be converted into the -architecture dependent \fIdes_key_schedule\fR via the -\&\fIdes_set_key_checked()\fR or \fIdes_set_key_unchecked()\fR function. +architecture dependent \fIDES_key_schedule\fR via the +\&\fIDES_set_key_checked()\fR or \fIDES_set_key_unchecked()\fR function. .PP -\&\fIdes_set_key_checked()\fR will check that the key passed is of odd parity +\&\fIDES_set_key_checked()\fR will check that the key passed is of odd parity and is not a week or semi-weak key. If the parity is wrong, then \-1 is returned. If the key is a weak key, then \-2 is returned. If an error is returned, the key schedule is not generated. .PP -\&\fIdes_set_key()\fR (called \fIdes_key_sched()\fR in the \s-1MIT\s0 library) works like -\&\fIdes_set_key_checked()\fR if the \fIdes_check_key\fR flag is non-zero, -otherwise like \fIdes_set_key_unchecked()\fR. These functions are available +\&\fIDES_set_key()\fR works like +\&\fIDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero, +otherwise like \fIDES_set_key_unchecked()\fR. These functions are available for compatibility; it is recommended to use a function that does not depend on a global variable. .PP -\&\fIdes_set_odd_parity()\fR (called \fIdes_fixup_key_parity()\fR in the \s-1MIT\s0 -library) sets the parity of the passed \fIkey\fR to odd. +\&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. .PP -\&\fIdes_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it +\&\fIDES_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it is ok. The probability that a randomly generated key is weak is 1/2^52, so it is not really worth checking for them. .PP The following routines mostly operate on an input and output stream of -\&\fIdes_cblock\fRs. +\&\fIDES_cblock\fRs. .PP -\&\fIdes_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or -decrypts a single 8\-byte \fIdes_cblock\fR in \fIelectronic code book\fR +\&\fIDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or +decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR (\s-1ECB\s0) mode. It always transforms the input data, pointed to by \&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR (cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the key_schedule specified by the \fIschedule\fR argument, previously set via -\&\fIdes_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now +\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input -and output may overlap. \fIdes_ecb_encrypt()\fR does not return a value. +and output may overlap. \fIDES_ecb_encrypt()\fR does not return a value. .PP -\&\fIdes_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using +\&\fIDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and then encrypting with \fIks3\fR. This routine greatly reduces the chances @@ -324,10 +311,10 @@ of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR, \&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption using \s-1ECB\s0 mode and \fIks1\fR as the key. .PP -The macro \fIdes_ecb2_encrypt()\fR is provided to perform two-key Triple-DES +The macro \fIDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES encryption by using \fIks1\fR for the final encryption. .PP -\&\fIdes_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR +\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR (\s-1CBC\s0) mode of \s-1DES\s0. If the \fIencrypt\fR argument is non-zero, the routine cipher-block-chain encrypts the cleartext data pointed to by the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR @@ -337,24 +324,24 @@ and initialization vector provided by the \fIivec\fR argument. If the last block is copied to a temporary area and zero filled. The output is always an integral multiple of eight bytes. .PP -\&\fIdes_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and +\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and \&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret (unlike the iv) and are as such, part of the key. So the key is sort of 24 bytes. This is much better than \s-1CBC\s0 \s-1DES\s0. .PP -\&\fIdes_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with +\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is really an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0. .PP -The \fIdes_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by +The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. This form of Triple-DES is used by the \s-1RSAREF\s0 library. .PP -\&\fIdes_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block +\&\fIDES_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block chaining mode used by Kerberos v4. Its parameters are the same as -\&\fIdes_ncbc_encrypt()\fR. +\&\fIDES_ncbc_encrypt()\fR. .PP -\&\fIdes_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode. This +\&\fIDES_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode. This method takes an array of characters as input and outputs and array of characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to @@ -362,7 +349,7 @@ be passed to the next call to this function. Since this function runs a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only suggested for use when sending small numbers of characters. .PP -\&\fIdes_cfb64_encrypt()\fR +\&\fIDES_cfb64_encrypt()\fR implements \s-1CFB\s0 mode of \s-1DES\s0 with 64bit feedback. Why is this useful you ask? Because this routine will allow you to encrypt an arbitrary number of bytes, no 8 byte padding. Each call to this @@ -370,10 +357,10 @@ routine will encrypt the input bytes to output and then update ivec and num. num contains 'how far' we are though ivec. If this does not make much sense, read more about cfb mode of \s-1DES\s0 :\-). .PP -\&\fIdes_ede3_cfb64_encrypt()\fR and \fIdes_ede2_cfb64_encrypt()\fR is the same as -\&\fIdes_cfb64_encrypt()\fR except that Triple-DES is used. +\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as +\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used. .PP -\&\fIdes_ofb_encrypt()\fR encrypts using output feedback mode. This method +\&\fIDES_ofb_encrypt()\fR encrypts using output feedback mode. This method takes an array of characters as input and outputs and array of characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to @@ -381,39 +368,22 @@ be passed to the next call to this function. Since this function runs a complete \s-1DES\s0 \s-1ECB\s0 encryption per numbits, this function is only suggested for use when sending small numbers of characters. .PP -\&\fIdes_ofb64_encrypt()\fR is the same as \fIdes_cfb64_encrypt()\fR using Output +\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output Feed Back mode. .PP -\&\fIdes_ede3_ofb64_encrypt()\fR and \fIdes_ede2_ofb64_encrypt()\fR is the same as -\&\fIdes_ofb64_encrypt()\fR, using Triple-DES. +\&\fIDES_ede3_ofb64_encrypt()\fR and \fIDES_ede2_ofb64_encrypt()\fR is the same as +\&\fIDES_ofb64_encrypt()\fR, using Triple-DES. .PP The following functions are included in the \s-1DES\s0 library for -compatibility with the \s-1MIT\s0 Kerberos library. \fIdes_read_pw_string()\fR -is also available under the name \fIEVP_read_pw_string()\fR. -.PP -\&\fIdes_read_pw_string()\fR writes the string specified by \fIprompt\fR to -standard output, turns echo off and reads in input string from the -terminal. The string is returned in \fIbuf\fR, which must have space for -at least \fIlength\fR bytes. If \fIverify\fR is set, the user is asked for -the password twice and unless the two copies match, an error is -returned. A return code of \-1 indicates a system error, 1 failure due -to use interaction, and 0 is success. -.PP -\&\fIdes_read_password()\fR does the same and converts the password to a \s-1DES\s0 -key by calling \fIdes_string_to_key()\fR; \fIdes_read_2password()\fR operates in -the same way as \fIdes_read_password()\fR except that it generates two keys -by using the \fIdes_string_to_2key()\fR function. \fIdes_string_to_key()\fR is -available for backward compatibility with the \s-1MIT\s0 library. New -applications should use a cryptographic hash function. The same -applies for \fIdes_string_to_2key()\fR. -.PP -\&\fIdes_cbc_cksum()\fR produces an 8 byte checksum based on the input stream +compatibility with the \s-1MIT\s0 Kerberos library. +.PP +\&\fIDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream (via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned and the complete 8 bytes are placed in \fIoutput\fR. This function is used by Kerberos v4. Other applications should use EVP_DigestInit(3) etc. instead. .PP -\&\fIdes_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte +\&\fIDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte checksum from the input bytes. The algorithm can be iterated over the input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is non-NULL, the 8 bytes generated by each pass are written into @@ -421,19 +391,19 @@ non-NULL, the 8 bytes generated by each pass are written into .PP The following are DES-based transformations: .PP -\&\fIdes_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This +\&\fIDES_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This version takes only a small amount of space relative to other fast \&\fIcrypt()\fR implementations. This is different to the normal crypt in that the third parameter is the buffer that the return value is written into. It needs to be at least 14 bytes long. This function is thread safe, unlike the normal crypt. .PP -\&\fIdes_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR. -This function calls \fIdes_fcrypt()\fR with a static array passed as the +\&\fIDES_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR. +This function calls \fIDES_fcrypt()\fR with a static array passed as the third parameter. This emulates the normal non-thread safe semantics of \fIcrypt\fR\|(3). .PP -\&\fIdes_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from +\&\fIDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default) using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual data send down \fIfd\fR consists of 4 bytes (in network byte order) @@ -441,38 +411,38 @@ containing the length of the following encrypted data. The encrypted data then follows, padded with random data out to a multiple of 8 bytes. .PP -\&\fIdes_enc_read()\fR is used to read \fIlen\fR bytes from file descriptor +\&\fIDES_enc_read()\fR is used to read \fIlen\fR bytes from file descriptor \&\fIfd\fR into buffer \fIbuf\fR. The data being read from \fIfd\fR is assumed to -have come from \fIdes_enc_write()\fR and is decrypted using \fIsched\fR for +have come from \fIDES_enc_write()\fR and is decrypted using \fIsched\fR for the key schedule and \fIiv\fR for the initial vector. .PP -\&\fBWarning:\fR The data format used by \fIdes_enc_write()\fR and \fIdes_enc_read()\fR +\&\fBWarning:\fR The data format used by \fIDES_enc_write()\fR and \fIDES_enc_read()\fR has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0 -bytes, \fIdes_enc_write()\fR will split the data into several chunks that +bytes, \fIDES_enc_write()\fR will split the data into several chunks that are all encrypted using the same \s-1IV\s0. So don't use these functions unless you are sure you know what you do (in which case you might not want to use them anyway). They cannot handle non-blocking sockets. -\&\fIdes_enc_read()\fR uses an internal state and thus cannot be used on +\&\fIDES_enc_read()\fR uses an internal state and thus cannot be used on multiple files. .PP -\&\fIdes_rw_mode\fR is used to specify the encryption mode to use with -\&\fIdes_enc_read()\fR and \fIdes_end_write()\fR. If set to \fI\s-1DES_PCBC_MODE\s0\fR (the -default), des_pcbc_encrypt is used. If set to \fI\s-1DES_CBC_MODE\s0\fR -des_cbc_encrypt is used. +\&\fIDES_rw_mode\fR is used to specify the encryption mode to use with +\&\fIDES_enc_read()\fR and \fIDES_end_write()\fR. If set to \fI\s-1DES_PCBC_MODE\s0\fR (the +default), DES_pcbc_encrypt is used. If set to \fI\s-1DES_CBC_MODE\s0\fR +DES_cbc_encrypt is used. .SH "NOTES" .IX Header "NOTES" Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is -not suitable for most applications; see des_modes(7). +not suitable for most applications; see DES_modes(7). .PP The evp(3) library provides higher-level encryption functions. .SH "BUGS" .IX Header "BUGS" -\&\fIdes_3cbc_encrypt()\fR is flawed and must not be used in applications. +\&\fIDES_3cbc_encrypt()\fR is flawed and must not be used in applications. .PP -\&\fIdes_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIdes_ncbc_encrypt()\fR +\&\fIDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIDES_ncbc_encrypt()\fR instead. .PP -\&\fIdes_cfb_encrypt()\fR and \fIdes_ofb_encrypt()\fR operates on input of 8 bits. +\&\fIDES_cfb_encrypt()\fR and \fIDES_ofb_encrypt()\fR operates on input of 8 bits. What this means is that if you set numbits to 12, and length to 2, the first 12 bits will come from the 1st input byte and the low half of the second input byte. The second 12 bits will have the low 8 bits @@ -482,8 +452,9 @@ implemented this way because most people will be using a multiple of 8 and because once you get into pulling bytes input bytes apart things get ugly! .PP -\&\fIdes_read_pw_string()\fR is the most machine/OS dependent function and -normally generates the most problems when porting this code. +\&\fIDES_string_to_key()\fR is available for backward compatibility with the +\&\s-1MIT\s0 library. New applications should use a cryptographic hash function. +The same applies for \fIDES_string_to_2key()\fR. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1ANSI\s0 X3.106 @@ -495,10 +466,20 @@ the \s-1MIT\s0 Kerberos library. \&\fIcrypt\fR\|(3), des_modes(7), evp(3), rand(3) .SH "HISTORY" .IX Header "HISTORY" +In OpenSSL 0.9.7, all des_ functions were renamed to \s-1DES_\s0 to avoid +clashes with older versions of libdes. Compatibility des_ functions +are provided for a short while, as well as \fIcrypt()\fR. +Declarations for these are in <openssl/des_old.h>. There is no \s-1DES_\s0 +variant for \fIdes_random_seed()\fR. +This will happen to other functions +as well if they are deemed redundant (\fIdes_random_seed()\fR just calls +\&\fIRAND_seed()\fR and is present for backward compatibility only), buggy or +already scheduled for removal. +.PP \&\fIdes_cbc_cksum()\fR, \fIdes_cbc_encrypt()\fR, \fIdes_ecb_encrypt()\fR, \&\fIdes_is_weak_key()\fR, \fIdes_key_sched()\fR, \fIdes_pcbc_encrypt()\fR, -\&\fIdes_quad_cksum()\fR, \fIdes_random_key()\fR, \fIdes_read_password()\fR and -\&\fIdes_string_to_key()\fR are available in the \s-1MIT\s0 Kerberos library; +\&\fIdes_quad_cksum()\fR, \fIdes_random_key()\fR and \fIdes_string_to_key()\fR +are available in the \s-1MIT\s0 Kerberos library; \&\fIdes_check_key_parity()\fR, \fIdes_fixup_key_parity()\fR and \fIdes_is_weak_key()\fR are available in newer versions of that library. .PP diff --git a/secure/lib/libcrypto/man/des_modes.3 b/secure/lib/libcrypto/man/des_modes.3 index b8cf5b0..788e0e8 100644 --- a/secure/lib/libcrypto/man/des_modes.3 +++ b/secure/lib/libcrypto/man/des_modes.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:02 2002 +.\" Mon Jan 13 19:29:14 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "des_modes 3" -.TH des_modes 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH des_modes 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" Modes of \s-1DES\s0 \- the variants of \s-1DES\s0 and other crypto algorithms of OpenSSL diff --git a/secure/lib/libcrypto/man/dgst.1 b/secure/lib/libcrypto/man/dgst.1 deleted file mode 100644 index b848f58..0000000 --- a/secure/lib/libcrypto/man/dgst.1 +++ /dev/null @@ -1,223 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:43 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "DGST 1" -.TH DGST 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBdgst\fR -[\fB\-md5|\-md4|\-md2|\-sha1|\-sha|\-mdc2|\-ripemd160|\-dss1\fR] -[\fB\-c\fR] -[\fB\-d\fR] -[\fB\-hex\fR] -[\fB\-binary\fR] -[\fB\-out filename\fR] -[\fB\-sign filename\fR] -[\fB\-verify filename\fR] -[\fB\-prverify filename\fR] -[\fB\-signature filename\fR] -[\fBfile...\fR] -.PP -[\fBmd5|md4|md2|sha1|sha|mdc2|ripemd160\fR] -[\fB\-c\fR] -[\fB\-d\fR] -[\fBfile...\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The digest functions output the message digest of a supplied file or files -in hexadecimal form. They can also be used for digital signing and verification. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-c\fR" 4 -.IX Item "-c" -print out the digest in two digit groups separated by colons, only relevant if -\&\fBhex\fR format output is used. -.Ip "\fB\-d\fR" 4 -.IX Item "-d" -print out \s-1BIO\s0 debugging information. -.Ip "\fB\-hex\fR" 4 -.IX Item "-hex" -digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R" -digest as opposed to a digital signature. -.Ip "\fB\-binary\fR" 4 -.IX Item "-binary" -output the digest or signature in binary form. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -filename to output to, or standard output by default. -.Ip "\fB\-sign filename\fR" 4 -.IX Item "-sign filename" -digitally sign the digest using the private key in \*(L"filename\*(R". -.Ip "\fB\-verify filename\fR" 4 -.IX Item "-verify filename" -verify the signature using the the public key in \*(L"filename\*(R". -The output is either \*(L"Verification \s-1OK\s0\*(R" or \*(L"Verification Failure\*(R". -.Ip "\fB\-prverify filename\fR" 4 -.IX Item "-prverify filename" -verify the signature using the the private key in \*(L"filename\*(R". -.Ip "\fB\-signature filename\fR" 4 -.IX Item "-signature filename" -the actual signature to verify. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fBfile...\fR" 4 -.IX Item "file..." -file or files to digest. If no files are specified then standard input is -used. -.SH "NOTES" -.IX Header "NOTES" -The digest of choice for all new applications is \s-1SHA1\s0. Other digests are -however still widely used. -.PP -If you wish to sign or verify data using the \s-1DSA\s0 algorithm then the dss1 -digest must be used. -.PP -A source of random numbers is required for certain signing algorithms, in -particular \s-1DSA\s0. -.PP -The signing and verify options should only be used if a single file is -being signed or verified. diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3 index 31cdc59..3c40e68 100644 --- a/secure/lib/libcrypto/man/dh.3 +++ b/secure/lib/libcrypto/man/dh.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:03 2002 +.\" Mon Jan 13 19:29:15 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,37 +138,38 @@ .\" ====================================================================== .\" .IX Title "dh 3" -.TH dh 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH dh 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" dh \- Diffie-Hellman key agreement .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/dh.h> +\& #include <openssl/engine.h> .Ve .Vb 2 \& DH * DH_new(void); \& void DH_free(DH *dh); .Ve .Vb 1 -\& int DH_size(DH *dh); +\& int DH_size(const DH *dh); .Ve .Vb 3 \& DH * DH_generate_parameters(int prime_len, int generator, \& void (*callback)(int, int, void *), void *cb_arg); -\& int DH_check(DH *dh, int *codes); +\& int DH_check(const DH *dh, int *codes); .Ve .Vb 2 \& int DH_generate_key(DH *dh); \& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); .Ve .Vb 5 -\& void DH_set_default_method(DH_METHOD *meth); -\& DH_METHOD *DH_get_default_method(void); -\& DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); -\& DH *DH_new_method(DH_METHOD *meth); -\& DH_METHOD *DH_OpenSSL(void); +\& void DH_set_default_method(const DH_METHOD *meth); +\& const DH_METHOD *DH_get_default_method(void); +\& int DH_set_method(DH *dh, const DH_METHOD *meth); +\& DH *DH_new_method(ENGINE *engine); +\& const DH_METHOD *DH_OpenSSL(void); .Ve .Vb 4 \& int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(), @@ -178,11 +179,11 @@ dh \- Diffie-Hellman key agreement .Ve .Vb 2 \& DH * d2i_DHparams(DH **a, unsigned char **pp, long length); -\& int i2d_DHparams(DH *a, unsigned char **pp); +\& int i2d_DHparams(const DH *a, unsigned char **pp); .Ve .Vb 2 -\& int DHparams_print_fp(FILE *fp, DH *x); -\& int DHparams_print(BIO *bp, DH *x); +\& int DHparams_print_fp(FILE *fp, const DH *x); +\& int DHparams_print(BIO *bp, const DH *x); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -204,11 +205,19 @@ The \fB\s-1DH\s0\fR structure consists of several \s-1BIGNUM\s0 components. \& }; \& DH .Ve +Note that \s-1DH\s0 keys may use non-standard \fB\s-1DH_METHOD\s0\fR implementations, +either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an +\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values +will not be used by the implementation or may be used for alternative data +storage. For this reason, applications should generally avoid using \s-1DH\s0 +structure elements directly and instead use \s-1API\s0 functions to query or +modify keys. .SH "SEE ALSO" .IX Header "SEE ALSO" dhparam(1), bn(3), dsa(3), err(3), -rand(3), rsa(3), DH_set_method(3), -DH_new(3), DH_get_ex_new_index(3), +rand(3), rsa(3), engine(3), +DH_set_method(3), DH_new(3), +DH_get_ex_new_index(3), DH_generate_parameters(3), DH_compute_key(3), d2i_DHparams(3), RSA_print(3) diff --git a/secure/lib/libcrypto/man/dhparam.1 b/secure/lib/libcrypto/man/dhparam.1 deleted file mode 100644 index 98a449f..0000000 --- a/secure/lib/libcrypto/man/dhparam.1 +++ /dev/null @@ -1,249 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:44 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "DHPARAM 1" -.TH DHPARAM 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -dhparam \- \s-1DH\s0 parameter manipulation and generation -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl dhparam\fR -[\fB\-inform DER|PEM\fR] -[\fB\-outform DER|PEM\fR] -[\fB\-in\fR \fIfilename\fR] -[\fB\-out\fR \fIfilename\fR] -[\fB\-dsaparam\fR] -[\fB\-noout\fR] -[\fB\-text\fR] -[\fB\-C\fR] -[\fB\-2\fR] -[\fB\-5\fR] -[\fB\-rand\fR \fI\fIfile\fI\|(s)\fR] -[\fInumbits\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -This command is used to manipulate \s-1DH\s0 parameter files. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -form compatible with the PKCS#3 DHparameter structure. The \s-1PEM\s0 form is the -default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with -additional header and footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in\fR \fIfilename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read parameters from or standard input if -this option is not specified. -.Ip "\fB\-out\fR \fIfilename\fR" 4 -.IX Item "-out filename" -This specifies the output filename parameters to. Standard output is used -if this option is not present. The output filename should \fBnot\fR be the same -as the input filename. -.Ip "\fB\-dsaparam\fR" 4 -.IX Item "-dsaparam" -If this option is used, \s-1DSA\s0 rather than \s-1DH\s0 parameters are read or created; -they are converted to \s-1DH\s0 format. Otherwise, \*(L"strong\*(R" primes (such -that (p-1)/2 is also prime) will be used for \s-1DH\s0 parameter generation. -.Sp -\&\s-1DH\s0 parameter generation with the \fB\-dsaparam\fR option is much faster, -and the recommended exponent length is shorter, which makes \s-1DH\s0 key -exchange more efficient. Beware that with such DSA-style \s-1DH\s0 -parameters, a fresh \s-1DH\s0 key should be created for each use to -avoid small-subgroup attacks that may be possible otherwise. -.Ip "\fB\-2\fR, \fB\-5\fR" 4 -.IX Item "-2, -5" -The generator to use, either 2 or 5. 2 is the default. If present then the -input file is ignored and parameters are generated instead. -.Ip "\fB\-rand\fR \fI\fIfile\fI\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fInumbits\fR" 4 -.IX Item "numbits" -this option specifies that a parameter set should be generated of size -\&\fInumbits\fR. It must be the last option. If not present then a value of 512 -is used. If this option is present then the input file is ignored and -parameters are generated instead. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option inhibits the output of the encoded version of the parameters. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -this option prints out the \s-1DH\s0 parameters in human readable form. -.Ip "\fB\-C\fR" 4 -.IX Item "-C" -this option converts the parameters into C code. The parameters can then -be loaded by calling the \fBget_dh\fR\fInumbits\fR\fB()\fR function. -.SH "WARNINGS" -.IX Header "WARNINGS" -The program \fBdhparam\fR combines the functionality of the programs \fBdh\fR and -\&\fBgendh\fR in previous versions of OpenSSL and SSLeay. The \fBdh\fR and \fBgendh\fR -programs are retained for now but may have different purposes in future -versions of OpenSSL. -.SH "NOTES" -.IX Header "NOTES" -\&\s-1PEM\s0 format \s-1DH\s0 parameters use the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN DH PARAMETERS----- -\& -----END DH PARAMETERS----- -.Ve -OpenSSL currently only supports the older PKCS#3 \s-1DH\s0, not the newer X9.42 -\&\s-1DH\s0. -.PP -This program manipulates \s-1DH\s0 parameters not keys. -.SH "BUGS" -.IX Header "BUGS" -There should be a way to generate and manipulate \s-1DH\s0 keys. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -dsaparam(1) -.SH "HISTORY" -.IX Header "HISTORY" -The \fBdhparam\fR command was added in OpenSSL 0.9.5. -The \fB\-dsaparam\fR option was added in OpenSSL 0.9.6. diff --git a/secure/lib/libcrypto/man/dsa.1 b/secure/lib/libcrypto/man/dsa.1 deleted file mode 100644 index dcc68e9..0000000 --- a/secure/lib/libcrypto/man/dsa.1 +++ /dev/null @@ -1,275 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:44 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "DSA 1" -.TH DSA 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -dsa \- \s-1DSA\s0 key processing -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBdsa\fR -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-passin arg\fR] -[\fB\-out filename\fR] -[\fB\-passout arg\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-idea\fR] -[\fB\-text\fR] -[\fB\-noout\fR] -[\fB\-modulus\fR] -[\fB\-pubin\fR] -[\fB\-pubout\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBdsa\fR command processes \s-1DSA\s0 keys. They can be converted between various -forms and their components printed out. \fBNote\fR This command uses the -traditional SSLeay compatible format for private key encryption: newer -applications should use the more secure PKCS#8 format using the \fBpkcs8\fR -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses -an \s-1ASN1\s0 \s-1DER\s0 encoded form of an \s-1ASN\s0.1 \s-1SEQUENCE\s0 consisting of the values of -version (currently zero), p, q, g, the public and private key components -respectively as \s-1ASN\s0.1 INTEGERs. When used with a public key it uses a -SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA\s0. -.Sp -The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 -encoded with additional header and footer lines. In the case of a private key -PKCS#8 format is also accepted. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read a key from or standard input if this -option is not specified. If the key is encrypted a pass phrase will be -prompted for. -.Ip "\fB\-passin arg\fR" 4 -.IX Item "-passin arg" -the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename to write a key to or standard output by -is not specified. If any encryption options are set then a pass phrase will be -prompted for. The output filename should \fBnot\fR be the same as the input -filename. -.Ip "\fB\-passout arg\fR" 4 -.IX Item "-passout arg" -the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. -If none of these options is specified the key is written in plain text. This -means that using the \fBdsa\fR utility to read in an encrypted key with no -encryption option can be used to remove the pass phrase from a key, or by -setting the encryption options it can be use to add or change the pass phrase. -These options can only be used with \s-1PEM\s0 format output files. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -prints out the public, private key components and parameters. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option prevents output of the encoded version of the key. -.Ip "\fB\-modulus\fR" 4 -.IX Item "-modulus" -this option prints out the value of the public key component of the key. -.Ip "\fB\-pubin\fR" 4 -.IX Item "-pubin" -by default a private key is read from the input file: with this option a -public key is read instead. -.Ip "\fB\-pubout\fR" 4 -.IX Item "-pubout" -by default a private key is output. With this option a public -key will be output instead. This option is automatically set if the input is -a public key. -.SH "NOTES" -.IX Header "NOTES" -The \s-1PEM\s0 private key format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN DSA PRIVATE KEY----- -\& -----END DSA PRIVATE KEY----- -.Ve -The \s-1PEM\s0 public key format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN PUBLIC KEY----- -\& -----END PUBLIC KEY----- -.Ve -.SH "EXAMPLES" -.IX Header "EXAMPLES" -To remove the pass phrase on a \s-1DSA\s0 private key: -.PP -.Vb 1 -\& openssl dsa -in key.pem -out keyout.pem -.Ve -To encrypt a private key using triple \s-1DES:\s0 -.PP -.Vb 1 -\& openssl dsa -in key.pem -des3 -out keyout.pem -.Ve -To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: -.PP -.Vb 1 -\& openssl dsa -in key.pem -outform DER -out keyout.der -.Ve -To print out the components of a private key to standard output: -.PP -.Vb 1 -\& openssl dsa -in key.pem -text -noout -.Ve -To just output the public part of a private key: -.PP -.Vb 1 -\& openssl dsa -in key.pem -pubout -out pubkey.pem -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -dsaparam(1), gendsa(1), rsa(1), -genrsa(1) diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3 index c452818..67b693d 100644 --- a/secure/lib/libcrypto/man/dsa.3 +++ b/secure/lib/libcrypto/man/dsa.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:04 2002 +.\" Mon Jan 13 19:29:16 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,21 +138,22 @@ .\" ====================================================================== .\" .IX Title "dsa 3" -.TH dsa 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH dsa 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" dsa \- Digital Signature Algorithm .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/dsa.h> +\& #include <openssl/engine.h> .Ve .Vb 2 \& DSA * DSA_new(void); \& void DSA_free(DSA *dsa); .Ve .Vb 1 -\& int DSA_size(DSA *dsa); +\& int DSA_size(const DSA *dsa); .Ve .Vb 3 \& DSA * DSA_generate_parameters(int bits, unsigned char *seed, @@ -160,7 +161,7 @@ dsa \- Digital Signature Algorithm \& void (*callback)(int, int, void *), void *cb_arg); .Ve .Vb 1 -\& DH * DSA_dup_DH(DSA *r); +\& DH * DSA_dup_DH(const DSA *r); .Ve .Vb 1 \& int DSA_generate_key(DSA *dsa); @@ -171,14 +172,14 @@ dsa \- Digital Signature Algorithm \& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, \& BIGNUM **rp); \& int DSA_verify(int dummy, const unsigned char *dgst, int len, -\& unsigned char *sigbuf, int siglen, DSA *dsa); +\& const unsigned char *sigbuf, int siglen, DSA *dsa); .Ve .Vb 5 -\& void DSA_set_default_method(DSA_METHOD *meth); -\& DSA_METHOD *DSA_get_default_method(void); -\& DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); -\& DSA *DSA_new_method(DSA_METHOD *meth); -\& DSA_METHOD *DSA_OpenSSL(void); +\& void DSA_set_default_method(const DSA_METHOD *meth); +\& const DSA_METHOD *DSA_get_default_method(void); +\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); +\& DSA *DSA_new_method(ENGINE *engine); +\& const DSA_METHOD *DSA_OpenSSL(void); .Ve .Vb 4 \& int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), @@ -189,7 +190,7 @@ dsa \- Digital Signature Algorithm .Vb 4 \& DSA_SIG *DSA_SIG_new(void); \& void DSA_SIG_free(DSA_SIG *a); -\& int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp); +\& int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); \& DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length); .Ve .Vb 3 @@ -201,15 +202,15 @@ dsa \- Digital Signature Algorithm \& DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); \& DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); \& DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); -\& int i2d_DSAPublicKey(DSA *a, unsigned char **pp); -\& int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); -\& int i2d_DSAparams(DSA *a,unsigned char **pp); +\& int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +\& int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +\& int i2d_DSAparams(const DSA *a,unsigned char **pp); .Ve .Vb 4 -\& int DSAparams_print(BIO *bp, DSA *x); -\& int DSAparams_print_fp(FILE *fp, DSA *x); -\& int DSA_print(BIO *bp, DSA *x, int off); -\& int DSA_print_fp(FILE *bp, DSA *x, int off); +\& int DSAparams_print(BIO *bp, const DSA *x); +\& int DSAparams_print_fp(FILE *fp, const DSA *x); +\& int DSA_print(BIO *bp, const DSA *x, int off); +\& int DSA_print_fp(FILE *bp, const DSA *x, int off); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -235,6 +236,14 @@ The \fB\s-1DSA\s0\fR structure consists of several \s-1BIGNUM\s0 components. \& DSA; .Ve In public keys, \fBpriv_key\fR is \s-1NULL\s0. +.PP +Note that \s-1DSA\s0 keys may use non-standard \fB\s-1DSA_METHOD\s0\fR implementations, +either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an +\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values +will not be used by the implementation or may be used for alternative data +storage. For this reason, applications should generally avoid using \s-1DSA\s0 +structure elements directly and instead use \s-1API\s0 functions to query or +modify keys. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature @@ -242,7 +251,8 @@ Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 .SH "SEE ALSO" .IX Header "SEE ALSO" bn(3), dh(3), err(3), rand(3), -rsa(3), sha(3), DSA_new(3), +rsa(3), sha(3), engine(3), +DSA_new(3), DSA_size(3), DSA_generate_parameters(3), DSA_dup_DH(3), diff --git a/secure/lib/libcrypto/man/enc.1 b/secure/lib/libcrypto/man/enc.1 deleted file mode 100644 index ee1597d..0000000 --- a/secure/lib/libcrypto/man/enc.1 +++ /dev/null @@ -1,392 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:46 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "ENC 1" -.TH ENC 1 "0.9.6e" "2001-07-19" "OpenSSL" -.UC -.SH "NAME" -enc \- symmetric cipher routines -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl enc \-ciphername\fR -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-pass arg\fR] -[\fB\-e\fR] -[\fB\-d\fR] -[\fB\-a\fR] -[\fB\-A\fR] -[\fB\-k password\fR] -[\fB\-kfile filename\fR] -[\fB\-K key\fR] -[\fB\-iv \s-1IV\s0\fR] -[\fB\-p\fR] -[\fB\-P\fR] -[\fB\-bufsize number\fR] -[\fB\-debug\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The symmetric cipher commands allow data to be encrypted or decrypted -using various block and stream ciphers using keys based on passwords -or explicitly provided. Base64 encoding or decoding can also be performed -either by itself or in addition to the encryption or decryption. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -the input filename, standard input by default. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -the output filename, standard output by default. -.Ip "\fB\-pass arg\fR" 4 -.IX Item "-pass arg" -the password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-salt\fR" 4 -.IX Item "-salt" -use a salt in the key derivation routines. This option should \fB\s-1ALWAYS\s0\fR -be used unless compatibility with previous versions of OpenSSL or SSLeay -is required. This option is only present on OpenSSL versions 0.9.5 or -above. -.Ip "\fB\-nosalt\fR" 4 -.IX Item "-nosalt" -don't use a salt in the key derivation routines. This is the default for -compatibility with previous versions of OpenSSL and SSLeay. -.Ip "\fB\-e\fR" 4 -.IX Item "-e" -encrypt the input data: this is the default. -.Ip "\fB\-d\fR" 4 -.IX Item "-d" -decrypt the input data. -.Ip "\fB\-a\fR" 4 -.IX Item "-a" -base64 process the data. This means that if encryption is taking place -the data is base64 encoded after encryption. If decryption is set then -the input data is base64 decoded before being decrypted. -.Ip "\fB\-A\fR" 4 -.IX Item "-A" -if the \fB\-a\fR option is set then base64 process the data on one line. -.Ip "\fB\-k password\fR" 4 -.IX Item "-k password" -the password to derive the key from. This is for compatibility with previous -versions of OpenSSL. Superseded by the \fB\-pass\fR argument. -.Ip "\fB\-kfile filename\fR" 4 -.IX Item "-kfile filename" -read the password to derive the key from the first line of \fBfilename\fR. -This is for computability with previous versions of OpenSSL. Superseded by -the \fB\-pass\fR argument. -.Ip "\fB\-S salt\fR" 4 -.IX Item "-S salt" -the actual salt to use: this must be represented as a string comprised only -of hex digits. -.Ip "\fB\-K key\fR" 4 -.IX Item "-K key" -the actual key to use: this must be represented as a string comprised only -of hex digits. If only the key is specified, the \s-1IV\s0 must additionally specified -using the \fB\-iv\fR option. When both a key and a password are specified, the -key given with the \fB\-K\fR option will be used and the \s-1IV\s0 generated from the -password will be taken. It probably does not make much sense to specify -both key and password. -.Ip "\fB\-iv \s-1IV\s0\fR" 4 -.IX Item "-iv IV" -the actual \s-1IV\s0 to use: this must be represented as a string comprised only -of hex digits. When only the key is specified using the \fB\-K\fR option, the -\&\s-1IV\s0 must explicitly be defined. When a password is being specified using -one of the other options, the \s-1IV\s0 is generated from this password. -.Ip "\fB\-p\fR" 4 -.IX Item "-p" -print out the key and \s-1IV\s0 used. -.Ip "\fB\-P\fR" 4 -.IX Item "-P" -print out the key and \s-1IV\s0 used then immediately exit: don't do any encryption -or decryption. -.Ip "\fB\-bufsize number\fR" 4 -.IX Item "-bufsize number" -set the buffer size for I/O -.Ip "\fB\-debug\fR" 4 -.IX Item "-debug" -debug the BIOs used for I/O. -.SH "NOTES" -.IX Header "NOTES" -The program can be called either as \fBopenssl ciphername\fR or -\&\fBopenssl enc \-ciphername\fR. -.PP -A password will be prompted for to derive the key and \s-1IV\s0 if necessary. -.PP -The \fB\-salt\fR option should \fB\s-1ALWAYS\s0\fR be used if the key is being derived -from a password unless you want compatibility with previous versions of -OpenSSL and SSLeay. -.PP -Without the \fB\-salt\fR option it is possible to perform efficient dictionary -attacks on the password and to attack stream cipher encrypted data. The reason -for this is that without the salt the same password always generates the same -encryption key. When the salt is being used the first eight bytes of the -encrypted data are reserved for the salt: it is generated at random when -encrypting a file and read from the encrypted file when it is decrypted. -.PP -Some of the ciphers do not have large keys and others have security -implications if not used correctly. A beginner is advised to just use -a strong block cipher in \s-1CBC\s0 mode such as bf or des3. -.PP -All the block ciphers use PKCS#5 padding also known as standard block -padding: this allows a rudimentary integrity or password check to be -performed. However since the chance of random data passing the test is -better than 1 in 256 it isn't a very good test. -.PP -All \s-1RC2\s0 ciphers have the same key and effective key length. -.PP -Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. -.SH "SUPPORTED CIPHERS" -.IX Header "SUPPORTED CIPHERS" -.Vb 1 -\& base64 Base 64 -.Ve -.Vb 5 -\& bf-cbc Blowfish in CBC mode -\& bf Alias for bf-cbc -\& bf-cfb Blowfish in CFB mode -\& bf-ecb Blowfish in ECB mode -\& bf-ofb Blowfish in OFB mode -.Ve -.Vb 6 -\& cast-cbc CAST in CBC mode -\& cast Alias for cast-cbc -\& cast5-cbc CAST5 in CBC mode -\& cast5-cfb CAST5 in CFB mode -\& cast5-ecb CAST5 in ECB mode -\& cast5-ofb CAST5 in OFB mode -.Ve -.Vb 5 -\& des-cbc DES in CBC mode -\& des Alias for des-cbc -\& des-cfb DES in CBC mode -\& des-ofb DES in OFB mode -\& des-ecb DES in ECB mode -.Ve -.Vb 4 -\& des-ede-cbc Two key triple DES EDE in CBC mode -\& des-ede Alias for des-ede -\& des-ede-cfb Two key triple DES EDE in CFB mode -\& des-ede-ofb Two key triple DES EDE in OFB mode -.Ve -.Vb 5 -\& des-ede3-cbc Three key triple DES EDE in CBC mode -\& des-ede3 Alias for des-ede3-cbc -\& des3 Alias for des-ede3-cbc -\& des-ede3-cfb Three key triple DES EDE CFB mode -\& des-ede3-ofb Three key triple DES EDE in OFB mode -.Ve -.Vb 1 -\& desx DESX algorithm. -.Ve -.Vb 5 -\& idea-cbc IDEA algorithm in CBC mode -\& idea same as idea-cbc -\& idea-cfb IDEA in CFB mode -\& idea-ecb IDEA in ECB mode -\& idea-ofb IDEA in OFB mode -.Ve -.Vb 7 -\& rc2-cbc 128 bit RC2 in CBC mode -\& rc2 Alias for rc2-cbc -\& rc2-cfb 128 bit RC2 in CBC mode -\& rc2-ecb 128 bit RC2 in CBC mode -\& rc2-ofb 128 bit RC2 in CBC mode -\& rc2-64-cbc 64 bit RC2 in CBC mode -\& rc2-40-cbc 40 bit RC2 in CBC mode -.Ve -.Vb 3 -\& rc4 128 bit RC4 -\& rc4-64 64 bit RC4 -\& rc4-40 40 bit RC4 -.Ve -.Vb 5 -\& rc5-cbc RC5 cipher in CBC mode -\& rc5 Alias for rc5-cbc -\& rc5-cfb RC5 cipher in CBC mode -\& rc5-ecb RC5 cipher in CBC mode -\& rc5-ofb RC5 cipher in CBC mode -.Ve -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Just base64 encode a binary file: -.PP -.Vb 1 -\& openssl base64 -in file.bin -out file.b64 -.Ve -Decode the same file -.PP -.Vb 1 -\& openssl base64 -d -in file.b64 -out file.bin -.Ve -Encrypt a file using triple \s-1DES\s0 in \s-1CBC\s0 mode using a prompted password: -.PP -.Vb 1 -\& openssl des3 -salt -in file.txt -out file.des3 -.Ve -Decrypt a file using a supplied password: -.PP -.Vb 1 -\& openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword -.Ve -Encrypt a file then base64 encode it (so it can be sent via mail for example) -using Blowfish in \s-1CBC\s0 mode: -.PP -.Vb 1 -\& openssl bf -a -salt -in file.txt -out file.bf -.Ve -Base64 decode a file then decrypt it: -.PP -.Vb 1 -\& openssl bf -d -salt -a -in file.bf -out file.txt -.Ve -Decrypt some data using a supplied 40 bit \s-1RC4\s0 key: -.PP -.Vb 1 -\& openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405 -.Ve -.SH "BUGS" -.IX Header "BUGS" -The \fB\-A\fR option when used with large files doesn't work properly. -.PP -There should be an option to allow an iteration count to be included. -.PP -Like the \s-1EVP\s0 library the \fBenc\fR program only supports a fixed number of -algorithms with certain parameters. So if, for example, you want to use \s-1RC2\s0 -with a 76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program. diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3 new file mode 100644 index 0000000..f9c42dd --- /dev/null +++ b/secure/lib/libcrypto/man/engine.3 @@ -0,0 +1,784 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:17 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "engine 3" +.TH engine 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +engine \- \s-1ENGINE\s0 cryptographic module support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/engine.h> +.Ve +.Vb 4 +\& ENGINE *ENGINE_get_first(void); +\& ENGINE *ENGINE_get_last(void); +\& ENGINE *ENGINE_get_next(ENGINE *e); +\& ENGINE *ENGINE_get_prev(ENGINE *e); +.Ve +.Vb 2 +\& int ENGINE_add(ENGINE *e); +\& int ENGINE_remove(ENGINE *e); +.Ve +.Vb 1 +\& ENGINE *ENGINE_by_id(const char *id); +.Ve +.Vb 2 +\& int ENGINE_init(ENGINE *e); +\& int ENGINE_finish(ENGINE *e); +.Ve +.Vb 12 +\& void ENGINE_load_openssl(void); +\& void ENGINE_load_dynamic(void); +\& void ENGINE_load_cswift(void); +\& void ENGINE_load_chil(void); +\& void ENGINE_load_atalla(void); +\& void ENGINE_load_nuron(void); +\& void ENGINE_load_ubsec(void); +\& void ENGINE_load_aep(void); +\& void ENGINE_load_sureware(void); +\& void ENGINE_load_4758cca(void); +\& void ENGINE_load_openbsd_dev_crypto(void); +\& void ENGINE_load_builtin_engines(void); +.Ve +.Vb 1 +\& void ENGINE_cleanup(void); +.Ve +.Vb 6 +\& ENGINE *ENGINE_get_default_RSA(void); +\& ENGINE *ENGINE_get_default_DSA(void); +\& ENGINE *ENGINE_get_default_DH(void); +\& ENGINE *ENGINE_get_default_RAND(void); +\& ENGINE *ENGINE_get_cipher_engine(int nid); +\& ENGINE *ENGINE_get_digest_engine(int nid); +.Ve +.Vb 7 +\& int ENGINE_set_default_RSA(ENGINE *e); +\& int ENGINE_set_default_DSA(ENGINE *e); +\& int ENGINE_set_default_DH(ENGINE *e); +\& int ENGINE_set_default_RAND(ENGINE *e); +\& int ENGINE_set_default_ciphers(ENGINE *e); +\& int ENGINE_set_default_digests(ENGINE *e); +\& int ENGINE_set_default_string(ENGINE *e, const char *list); +.Ve +.Vb 1 +\& int ENGINE_set_default(ENGINE *e, unsigned int flags); +.Ve +.Vb 2 +\& unsigned int ENGINE_get_table_flags(void); +\& void ENGINE_set_table_flags(unsigned int flags); +.Ve +.Vb 20 +\& int ENGINE_register_RSA(ENGINE *e); +\& void ENGINE_unregister_RSA(ENGINE *e); +\& void ENGINE_register_all_RSA(void); +\& int ENGINE_register_DSA(ENGINE *e); +\& void ENGINE_unregister_DSA(ENGINE *e); +\& void ENGINE_register_all_DSA(void); +\& int ENGINE_register_DH(ENGINE *e); +\& void ENGINE_unregister_DH(ENGINE *e); +\& void ENGINE_register_all_DH(void); +\& int ENGINE_register_RAND(ENGINE *e); +\& void ENGINE_unregister_RAND(ENGINE *e); +\& void ENGINE_register_all_RAND(void); +\& int ENGINE_register_ciphers(ENGINE *e); +\& void ENGINE_unregister_ciphers(ENGINE *e); +\& void ENGINE_register_all_ciphers(void); +\& int ENGINE_register_digests(ENGINE *e); +\& void ENGINE_unregister_digests(ENGINE *e); +\& void ENGINE_register_all_digests(void); +\& int ENGINE_register_complete(ENGINE *e); +\& int ENGINE_register_all_complete(void); +.Ve +.Vb 6 +\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +\& int ENGINE_cmd_is_executable(ENGINE *e, int cmd); +\& int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, +\& long i, void *p, void (*f)(), int cmd_optional); +\& int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, +\& int cmd_optional); +.Ve +.Vb 2 +\& int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); +\& void *ENGINE_get_ex_data(const ENGINE *e, int idx); +.Ve +.Vb 2 +\& int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +.Ve +.Vb 2 +\& ENGINE *ENGINE_new(void); +\& int ENGINE_free(ENGINE *e); +.Ve +.Vb 16 +\& int ENGINE_set_id(ENGINE *e, const char *id); +\& int ENGINE_set_name(ENGINE *e, const char *name); +\& int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +\& int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +\& int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +\& int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +\& int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +\& int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +\& int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +\& int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +\& int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); +\& int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +\& int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +\& int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +\& int ENGINE_set_flags(ENGINE *e, int flags); +\& int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +.Ve +.Vb 18 +\& const char *ENGINE_get_id(const ENGINE *e); +\& const char *ENGINE_get_name(const ENGINE *e); +\& const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +\& const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +\& const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +\& const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +\& ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +\& ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +\& ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +\& const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +\& const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +\& int ENGINE_get_flags(const ENGINE *e); +\& const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +.Ve +.Vb 4 +\& EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +\& EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +.Ve +.Vb 1 +\& void ENGINE_add_conf_module(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions create, manipulate, and use cryptographic modules in the +form of \fB\s-1ENGINE\s0\fR objects. These objects act as containers for +implementations of cryptographic algorithms, and support a +reference-counted mechanism to allow them to be dynamically loaded in and +out of the running application. +.PP +The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR +implementation includes the following abstractions; +.PP +.Vb 5 +\& RSA_METHOD - for providing alternative RSA implementations +\& DSA_METHOD, DH_METHOD, RAND_METHOD - alternative DSA, DH, and RAND +\& EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid') +\& EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid') +\& key-loading - loading public and/or private EVP_PKEY keys +.Ve +.Sh "Reference counting and handles" +.IX Subsection "Reference counting and handles" +Due to the modular nature of the \s-1ENGINE\s0 \s-1API\s0, pointers to ENGINEs need to be +treated as handles \- ie. not only as pointers, but also as references to +the underlying \s-1ENGINE\s0 object. Ie. you should obtain a new reference when +making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and +released) independantly. +.PP +\&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in +which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is +inherently a \fBstructural\fR reference \- you need a structural reference +simply to refer to the pointer value at all, as this kind of reference is +your guarantee that the structure can not be deallocated until you release +your reference. +.PP +However, a structural reference provides no guarantee that the \s-1ENGINE\s0 has +been initiliased to be usable to perform any of its cryptographic +implementations \- and indeed it's quite possible that most ENGINEs will not +initialised at all on standard setups, as ENGINEs are typically used to +support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a +\&\fBfunctional\fR reference. This kind of reference can be considered a +specialised form of structural reference, because each functional reference +implicitly contains a structural reference as well \- however to avoid +difficult-to-find programming bugs, it is recommended to treat the two +kinds of reference independantly. If you have a functional reference to an +\&\s-1ENGINE\s0, you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to +perform cryptographic operations and will not be uninitialised or cleaned +up until after you have released your reference. +.PP +We will discuss the two kinds of reference separately, including how to +tell which one you are dealing with at any given point in time (after all +they are both simply (\s-1ENGINE\s0 *) pointers, the difference is in the way they +are used). +.PP +\&\fIStructural references\fR +.PP +This basic type of reference is typically used for creating new ENGINEs +dynamically, iterating across OpenSSL's internal linked-list of loaded +ENGINEs, reading information about an \s-1ENGINE\s0, etc. Essentially a structural +reference is sufficient if you only need to query or manipulate the data of +an \s-1ENGINE\s0 implementation rather than use its functionality. +.PP +The \fIENGINE_new()\fR function returns a structural reference to a new (empty) +\&\s-1ENGINE\s0 object. Other than that, structural references come from return +values to various \s-1ENGINE\s0 \s-1API\s0 functions such as; \fIENGINE_by_id()\fR, +\&\fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, \fIENGINE_get_next()\fR, +\&\fIENGINE_get_prev()\fR. All structural references should be released by a +corresponding to call to the \fIENGINE_free()\fR function \- the \s-1ENGINE\s0 object +itself will only actually be cleaned up and deallocated when the last +structural reference is released. +.PP +It should also be noted that many \s-1ENGINE\s0 \s-1API\s0 function calls that accept a +structural reference will internally obtain another reference \- typically +this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after +the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to +OpenSSL's internal list is \fIENGINE_add()\fR \- if this function returns success, +then OpenSSL will have stored a new structural reference internally so the +caller is still responsible for freeing their own reference with +\&\fIENGINE_free()\fR when they are finished with it. In a similar way, some +functions will automatically release the structural reference passed to it +if part of the function's job is to do so. Eg. the \fIENGINE_get_next()\fR and +\&\fIENGINE_get_prev()\fR functions are used for iterating across the internal +\&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or +previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the +list, but in either case the structural reference passed to the function is +released on behalf of the caller. +.PP +To clarify a particular function's handling of references, one should +always consult that function's documentation \*(L"man\*(R" page, or failing that +the openssl/engine.h header file includes some hints. +.PP +\&\fIFunctional references\fR +.PP +As mentioned, functional references exist when the cryptographic +functionality of an \s-1ENGINE\s0 is required to be available. A functional +reference can be obtained in one of two ways; from an existing structural +reference to the required \s-1ENGINE\s0, or by asking OpenSSL for the default +operational \s-1ENGINE\s0 for a given cryptographic purpose. +.PP +To obtain a functional reference from an existing structural reference, +call the \fIENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not +already operational and couldn't be successfully initialised (eg. lack of +system drivers, no special hardware attached, etc), otherwise it will +return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will +have allocated a new \fBfunctional\fR reference to the \s-1ENGINE\s0. In this case, +the supplied \s-1ENGINE\s0 pointer is, from the point of the view of the caller, +both a structural reference and a functional reference \- so if the caller +intends to use it as a functional reference it should free the structural +reference with \fIENGINE_free()\fR first. If the caller wishes to use it only as +a structural reference (eg. if the \fIENGINE_init()\fR call was simply to test if +the \s-1ENGINE\s0 seems available/online), then it should free the functional +reference; all functional references are released by the \fIENGINE_finish()\fR +function. +.PP +The second way to get a functional reference is by asking OpenSSL for a +default implementation for a given task, eg. by \fIENGINE_get_default_RSA()\fR, +\&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next +section, though they are not usually required by application programmers as +they are used automatically when creating and using the relevant +algorithm-specific types in OpenSSL, such as \s-1RSA\s0, \s-1DSA\s0, \s-1EVP_CIPHER_CTX\s0, etc. +.Sh "Default implementations" +.IX Subsection "Default implementations" +For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table +of state to control which implementations are available for a given +abstraction and which should be used by default. These implementations are +registered in the tables separated-out by an 'nid' index, because +abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct +algorithms and modes \- ENGINEs will support different numbers and +combinations of these. In the case of other abstractions like \s-1RSA\s0, \s-1DSA\s0, +etc, there is only one \*(L"algorithm\*(R" so all implementations implicitly +register using the same 'nid' index. ENGINEs can be \fBregistered\fR into +these tables to make themselves available for use automatically by the +various abstractions, eg. \s-1RSA\s0. For illustrative purposes, we continue with +the \s-1RSA\s0 example, though all comments apply similarly to the other +abstractions (they each get their own table and linkage to the +corresponding section of openssl code). +.PP +When a new \s-1RSA\s0 key is being created, ie. in \fIRSA_new_method()\fR, a +\&\*(L"get_default\*(R" call will be made to the \s-1ENGINE\s0 subsystem to process the \s-1RSA\s0 +state table and return a functional reference to an initialised \s-1ENGINE\s0 +whose \s-1RSA_METHOD\s0 should be used. If no \s-1ENGINE\s0 should (or can) be used, it +will return \s-1NULL\s0 and the \s-1RSA\s0 key will operate with a \s-1NULL\s0 \s-1ENGINE\s0 handle by +using the conventional \s-1RSA\s0 implementation in OpenSSL (and will from then on +behave the way it used to before the \s-1ENGINE\s0 \s-1API\s0 existed \- for details see +RSA_new_method(3)). +.PP +Each state table has a flag to note whether it has processed this +\&\*(L"get_default\*(R" query since the table was last modified, because to process +this question it must iterate across all the registered ENGINEs in the +table trying to initialise each of them in turn, in case one of them is +operational. If it returns a functional reference to an \s-1ENGINE\s0, it will +also cache another reference to speed up processing future queries (without +needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 +response if no \s-1ENGINE\s0 was available so that future queries won't repeat the +same iteration unless the state table changes. This behaviour can also be +changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using +\&\fIENGINE_set_table_flags()\fR), no attempted initialisations will take place, +instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the +\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. +\&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except +that it also sets the state table's cached response for the \*(L"get_default\*(R" +query. +.PP +In the case of abstractions like \s-1EVP_CIPHER\s0, where implementations are +indexed by 'nid', these flags and cached-responses are distinct for each +\&'nid' value. +.PP +It is worth illustrating the difference between \*(L"registration\*(R" of ENGINEs +into these per-algorithm state tables and using the alternative +\&\*(L"set_default\*(R" functions. The latter handles both \*(L"registration\*(R" and also +setting the cached \*(L"default\*(R" \s-1ENGINE\s0 in each relevant state table \- so +registered ENGINEs will only have a chance to be initialised for use as a +default if a default \s-1ENGINE\s0 wasn't already set for the same state table. +Eg. if \s-1ENGINE\s0 X supports cipher nids {A,B} and \s-1RSA\s0, \s-1ENGINE\s0 Y supports +ciphers {A} and \s-1DSA\s0, and the following code is executed; +.PP +.Vb 7 +\& ENGINE_register_complete(X); +\& ENGINE_set_default(Y, ENGINE_METHOD_ALL); +\& e1 = ENGINE_get_default_RSA(); +\& e2 = ENGINE_get_cipher_engine(A); +\& e3 = ENGINE_get_cipher_engine(B); +\& e4 = ENGINE_get_default_DSA(); +\& e5 = ENGINE_get_cipher_engine(C); +.Ve +The results would be as follows; +.PP +.Vb 5 +\& assert(e1 == X); +\& assert(e2 == Y); +\& assert(e3 == X); +\& assert(e4 == Y); +\& assert(e5 == NULL); +.Ve +.Sh "Application requirements" +.IX Subsection "Application requirements" +This section will explain the basic things an application programmer should +support to make the most useful elements of the \s-1ENGINE\s0 functionality +available to the user. The first thing to consider is whether the +programmer wishes to make alternative \s-1ENGINE\s0 modules available to the +application and user. OpenSSL maintains an internal linked list of +\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is +empty and in fact if an application does not call any \s-1ENGINE\s0 \s-1API\s0 calls and +it uses static linking against openssl, then the resulting application +binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first +consideration is whether any/all available \s-1ENGINE\s0 implementations should be +made visible to OpenSSL \- this is controlled by calling the various \*(L"load\*(R" +functions, eg. +.PP +.Vb 9 +\& /* Make the "dynamic" ENGINE available */ +\& void ENGINE_load_dynamic(void); +\& /* Make the CryptoSwift hardware acceleration support available */ +\& void ENGINE_load_cswift(void); +\& /* Make support for nCipher's "CHIL" hardware available */ +\& void ENGINE_load_chil(void); +\& ... +\& /* Make ALL ENGINE implementations bundled with OpenSSL available */ +\& void ENGINE_load_builtin_engines(void); +.Ve +Having called any of these functions, \s-1ENGINE\s0 objects would have been +dynamically allocated and populated with these implementations and linked +into OpenSSL's internal linked list. At this point it is important to +mention an important \s-1API\s0 function; +.PP +.Vb 1 +\& void ENGINE_cleanup(void); +.Ve +If no \s-1ENGINE\s0 \s-1API\s0 functions are called at all in an application, then there +are no inherent memory leaks to worry about from the \s-1ENGINE\s0 functionality, +however if any ENGINEs are \*(L"load\*(R"ed, even if they are never registered or +used, it is necessary to use the \fIENGINE_cleanup()\fR function to +correspondingly cleanup before program exit, if the caller wishes to avoid +memory leaks. This mechanism uses an internal callback registration table +so that any \s-1ENGINE\s0 \s-1API\s0 functionality that knows it requires cleanup can +register its cleanup details to be called during \fIENGINE_cleanup()\fR. This +approach allows \fIENGINE_cleanup()\fR to clean up after any \s-1ENGINE\s0 functionality +at all that your program uses, yet doesn't automatically create linker +dependencies to all possible \s-1ENGINE\s0 functionality \- only the cleanup +callbacks required by the functionality you do use will be required by the +linker. +.PP +The fact that ENGINEs are made visible to OpenSSL (and thus are linked into +the program and loaded into memory at run-time) does not mean they are +\&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour +is something for the application to have control over. Some applications +will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used +if any is to be used at all. Others may prefer to load all support and have +OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to +successfully initialise \- ie. to assume that this corresponds to +acceleration hardware attached to the machine or some such thing. There are +probably numerous other ways in which applications may prefer to handle +things, so we will simply illustrate the consequences as they apply to a +couple of simple cases and leave developers to consider these and the +source code to openssl's builtin utilities as guides. +.PP +\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR +.PP +Here we'll assume an application has been configured by its user or admin +to want to use the \*(L"\s-1ACME\s0\*(R" \s-1ENGINE\s0 if it is available in the version of +OpenSSL the application was compiled with. If it is available, it should be +used by default for all \s-1RSA\s0, \s-1DSA\s0, and symmetric cipher operation, otherwise +OpenSSL should use its builtin software as per usual. The following code +illustrates how to approach this; +.PP +.Vb 22 +\& ENGINE *e; +\& const char *engine_id = "ACME"; +\& ENGINE_load_builtin_engines(); +\& e = ENGINE_by_id(engine_id); +\& if(!e) +\& /* the engine isn't available */ +\& return; +\& if(!ENGINE_init(e)) { +\& /* the engine couldn't initialise, release 'e' */ +\& ENGINE_free(e); +\& return; +\& } +\& if(!ENGINE_set_default_RSA(e)) +\& /* This should only happen when 'e' can't initialise, but the previous +\& * statement suggests it did. */ +\& abort(); +\& ENGINE_set_default_DSA(e); +\& ENGINE_set_default_ciphers(e); +\& /* Release the functional reference from ENGINE_init() */ +\& ENGINE_finish(e); +\& /* Release the structural reference from ENGINE_by_id() */ +\& ENGINE_free(e); +.Ve +\&\fIAutomatically using builtin \s-1ENGINE\s0 implementations\fR +.PP +Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations +bundled with OpenSSL, such that for any cryptographic algorithm required by +OpenSSL \- if there is an \s-1ENGINE\s0 that implements it and can be initialise, +it should be used. The following code illustrates how this can work; +.PP +.Vb 4 +\& /* Load all bundled ENGINEs into memory and make them visible */ +\& ENGINE_load_builtin_engines(); +\& /* Register all of them for every algorithm they collectively implement */ +\& ENGINE_register_all_complete(); +.Ve +That's all that's required. Eg. the next time OpenSSL tries to set up an +\&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to +\&\fIENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the +default for use with \s-1RSA\s0 from then on. +.Sh "Advanced configuration support" +.IX Subsection "Advanced configuration support" +There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each +\&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration +\&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on +OpenSSL. This mechanism is entirely based on the use of name-value pairs +and and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if +applications want to provide a transparent way for users to provide +arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also +possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0 +implementations for the names, descriptions, and input flags of their +available \*(L"control commands\*(R", providing a more flexible configuration +scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she +is using (in the case of specialised hardware, this goes without saying) +then applications may not need to concern themselves with discovering the +supported control commands and simply prefer to allow settings to passed +into ENGINEs exactly as they are provided by the user. +.PP +Before illustrating how control commands work, it is worth mentioning what +they are typically used for. Broadly speaking there are two uses for +control commands; the first is to provide the necessary details to the +implementation (which may know nothing at all specific to the host system) +so that it can be initialised for use. This could include the path to any +driver or config files it needs to load, required network addresses, +smart-card identifiers, passwords to initialise password-protected devices, +logging information, etc etc. This class of commands typically needs to be +passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before +calling \fIENGINE_init()\fR. The other class of commands consist of settings or +operations that tweak certain behaviour or cause certain operations to take +place, and these commands may work either before or after \fIENGINE_init()\fR, or +in same cases both. \s-1ENGINE\s0 implementations should provide indications of +this in the descriptions attached to builtin control commands and/or in +external product documentation. +.PP +\&\fIIssuing control commands to an \s-1ENGINE\s0\fR +.PP +Let's illustrate by example; a function for which the caller supplies the +name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use before +initialisation, and another table for use after initialisation. Note that +the string-pairs used for control commands consist of a command \*(L"name\*(R" +followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some +cases but the name can not. This function should initialise the \s-1ENGINE\s0 +(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) +and set it as the default for everything except \s-1RAND\s0 and then return a +boolean success or failure. +.PP +.Vb 36 +\& int generic_load_engine_fn(const char *engine_id, +\& const char **pre_cmds, int pre_num, +\& const char **post_cmds, int post_num) +\& { +\& ENGINE *e = ENGINE_by_id(engine_id); +\& if(!e) return 0; +\& while(pre_num--) { +\& if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s - %s:%s)\en", engine_id, +\& pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)"); +\& ENGINE_free(e); +\& return 0; +\& } +\& pre_cmds += 2; +\& } +\& if(!ENGINE_init(e)) { +\& fprintf(stderr, "Failed initialisation\en"); +\& ENGINE_free(e); +\& return 0; +\& } +\& /* ENGINE_init() returned a functional reference, so free the structural +\& * reference from ENGINE_by_id(). */ +\& ENGINE_free(e); +\& while(post_num--) { +\& if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s - %s:%s)\en", engine_id, +\& post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)"); +\& ENGINE_finish(e); +\& return 0; +\& } +\& post_cmds += 2; +\& } +\& ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND); +\& /* Success */ +\& return 1; +\& } +.Ve +Note that \fIENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can +relax the semantics of the function \- if set non-zero it will only return +failure if the \s-1ENGINE\s0 supported the given command name but failed while +executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply +return success without doing anything. In this case we assume the user is +only supplying commands specific to the given \s-1ENGINE\s0 so we set this to +\&\s-1FALSE\s0. +.PP +\&\fIDiscovering supported control commands\fR +.PP +It is possible to discover at run-time the names, numerical-ids, descriptions +and input parameters of the control commands supported from a structural +reference to any \s-1ENGINE\s0. It is first important to note that some control +commands are defined by OpenSSL itself and it will intercept and handle these +control commands on behalf of the \s-1ENGINE\s0, ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not +used for the control command. openssl/engine.h defines a symbol, +\&\s-1ENGINE_CMD_BASE\s0, that all control commands implemented by ENGINEs from. Any +command value lower than this symbol is considered a \*(L"generic\*(R" command is +handled directly by the OpenSSL core routines. +.PP +It is using these \*(L"core\*(R" control commands that one can discover the the control +commands implemented by a given \s-1ENGINE\s0, specifically the commands; +.PP +.Vb 9 +\& #define ENGINE_HAS_CTRL_FUNCTION 10 +\& #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +\& #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +\& #define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +\& #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +\& #define ENGINE_CTRL_GET_NAME_FROM_CMD 15 +\& #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +\& #define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +\& #define ENGINE_CTRL_GET_CMD_FLAGS 18 +.Ve +Whilst these commands are automatically processed by the OpenSSL framework code, +they use various properties exposed by each \s-1ENGINE\s0 by which to process these +queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect this behaviour; +it can supply a \fIctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in +the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. +If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will +simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fIctrl()\fR +handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to +reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the +OpenSSL framework code will work with the following rules; +.PP +.Vb 9 +\& if no ctrl() handler supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero), +\& all other commands fail. +\& if a ctrl() handler was supplied but no array of control commands; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands fail. +\& if a ctrl() handler and array of control commands was supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands proceed processing ... +.Ve +If the \s-1ENGINE\s0's array of control commands is empty then all other commands will +fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of +the first command supported by the \s-1ENGINE\s0, \s-1ENGINE_GET_NEXT_CMD_TYPE\s0 takes the +identifier of a command supported by the \s-1ENGINE\s0 and returns the next command +identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string +name for a command and returns the corresponding identifier or fails if no such +command name exists, and the remaining commands take a command identifier and +return properties of the corresponding commands. All except +\&\s-1ENGINE_CTRL_GET_FLAGS\s0 return the string length of a command name or description, +or populate a supplied character buffer with a copy of the command name or +description. \s-1ENGINE_CTRL_GET_FLAGS\s0 returns a bitwise-OR'd mask of the following +possible values; +.PP +.Vb 4 +\& #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +\& #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +\& #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +\& #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 +.Ve +If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely +informational to the caller \- this flag will prevent the command being usable +for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR. +\&\*(L"\s-1INTERNAL\s0\*(R" commands are not intended to be exposed to text-based configuration +by applications, administrations, users, etc. These can support arbitrary +operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control +commands data of any arbitrary type. These commands are supported in the +discovery mechanisms simply to allow applications determinie if an \s-1ENGINE\s0 +supports certain specific commands it might want to use (eg. application \*(L"foo\*(R" +might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\s0\*(R" \- +and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific +extension). +.Sh "Future developments" +.IX Subsection "Future developments" +The \s-1ENGINE\s0 \s-1API\s0 and internal architecture is currently being reviewed. Slated for +possible release in 0.9.8 is support for transparent loading of \*(L"dynamic\*(R" +ENGINEs (built as self-contained shared-libraries). This would allow \s-1ENGINE\s0 +implementations to be provided independantly of OpenSSL libraries and/or +OpenSSL-based applications, and would also remove any requirement for +applications to explicitly use the \*(L"dynamic\*(R" \s-1ENGINE\s0 to bind to shared-library +implementations. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rsa(3), dsa(3), dh(3), rand(3), +RSA_new_method(3) diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3 index bd76dd7..22599ed 100644 --- a/secure/lib/libcrypto/man/err.3 +++ b/secure/lib/libcrypto/man/err.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:04 2002 +.\" Mon Jan 13 19:29:19 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "err 3" -.TH err 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH err 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" err \- error codes diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3 index dae3c82..d50439f 100644 --- a/secure/lib/libcrypto/man/evp.3 +++ b/secure/lib/libcrypto/man/evp.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:05 2002 +.\" Mon Jan 13 19:29:20 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "evp 3" -.TH evp 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH evp 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" evp \- high-level cryptographic functions @@ -162,6 +162,13 @@ Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI...\fR functions. The \fBEVP_Digest\fR\fI...\fR functions provide message digests. .PP Algorithms are loaded with \fIOpenSSL_add_all_algorithms\fR\|(3). +.PP +All the symmetric algorithms (ciphers) and digests can be replaced by \s-1ENGINE\s0 +modules providing alternative implementations. If \s-1ENGINE\s0 implementations of +ciphers or digests are registered as defaults, then the various \s-1EVP\s0 functions +will automatically use those implementations automatically in preference to +built in software implementations. For more information, consult the \fIengine\fR\|(3) +man page. .SH "SEE ALSO" .IX Header "SEE ALSO" EVP_DigestInit(3), @@ -170,4 +177,5 @@ EVP_OpenInit(3), EVP_SealInit(3), EVP_SignInit(3), EVP_VerifyInit(3), -OpenSSL_add_all_algorithms(3) +OpenSSL_add_all_algorithms(3), +engine(3) diff --git a/secure/lib/libcrypto/man/gendsa.1 b/secure/lib/libcrypto/man/gendsa.1 deleted file mode 100644 index 19ec49b..0000000 --- a/secure/lib/libcrypto/man/gendsa.1 +++ /dev/null @@ -1,184 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:46 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "GENDSA 1" -.TH GENDSA 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -gendsa \- generate a \s-1DSA\s0 private key from a set of parameters -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBgendsa\fR -[\fB\-out filename\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-idea\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -[\fBparamfile\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBgendsa\fR command generates a \s-1DSA\s0 private key from a \s-1DSA\s0 parameter file -(which will be typically generated by the \fBopenssl dsaparam\fR command). -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. -If none of these options is specified no encryption is used. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fBparamfile\fR" 4 -.IX Item "paramfile" -This option specifies the \s-1DSA\s0 parameter file to use. The parameters in this -file determine the size of the private key. \s-1DSA\s0 parameters can be generated -and examined using the \fBopenssl dsaparam\fR command. -.SH "NOTES" -.IX Header "NOTES" -\&\s-1DSA\s0 key generation is little more than random number generation so it is -much quicker that \s-1RSA\s0 key generation for example. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -dsaparam(1), dsa(1), genrsa(1), -rsa(1) diff --git a/secure/lib/libcrypto/man/genrsa.1 b/secure/lib/libcrypto/man/genrsa.1 deleted file mode 100644 index aaea762..0000000 --- a/secure/lib/libcrypto/man/genrsa.1 +++ /dev/null @@ -1,209 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:47 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "GENRSA 1" -.TH GENRSA 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -genrsa \- generate an \s-1RSA\s0 private key -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBgenrsa\fR -[\fB\-out filename\fR] -[\fB\-passout arg\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-idea\fR] -[\fB\-f4\fR] -[\fB\-3\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -[\fBnumbits\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBgenrsa\fR command generates an \s-1RSA\s0 private key. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -the output filename. If this argument is not specified then standard output is -used. -.Ip "\fB\-passout arg\fR" 4 -.IX Item "-passout arg" -the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. If none of these options is -specified no encryption is used. If encryption is used a pass phrase is prompted -for if it is not supplied via the \fB\-passout\fR argument. -.Ip "\fB\-F4|\-3\fR" 4 -.IX Item "-F4|-3" -the public exponent to use, either 65537 or 3. The default is 65537. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fBnumbits\fR" 4 -.IX Item "numbits" -the size of the private key to generate in bits. This must be the last option -specified. The default is 512. -.SH "NOTES" -.IX Header "NOTES" -\&\s-1RSA\s0 private key generation essentially involves the generation of two prime -numbers. When generating a private key various symbols will be output to -indicate the progress of the generation. A \fB.\fR represents each number which -has passed an initial sieve test, \fB+\fR means a number has passed a single -round of the Miller-Rabin primality test. A newline means that the number has -passed all the prime tests (the actual number depends on the key size). -.PP -Because key generation is a random process the time taken to generate a key -may vary somewhat. -.SH "BUGS" -.IX Header "BUGS" -A quirk of the prime generation algorithm is that it cannot generate small -primes. Therefore the number of bits should not be less that 64. For typical -private keys this will not matter because for security reasons they will -be much larger (typically 1024 bits). -.SH "SEE ALSO" -.IX Header "SEE ALSO" -gendsa(1) diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3 index c62de63..27eeff8 100644 --- a/secure/lib/libcrypto/man/hmac.3 +++ b/secure/lib/libcrypto/man/hmac.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:06 2002 +.\" Mon Jan 13 19:29:21 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "hmac 3" -.TH hmac 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH hmac 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1HMAC\s0, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- \s-1HMAC\s0 message @@ -153,13 +153,19 @@ authentication code \& int key_len, const unsigned char *d, int n, \& unsigned char *md, unsigned int *md_len); .Ve -.Vb 4 +.Vb 1 +\& void HMAC_CTX_init(HMAC_CTX *ctx); +.Ve +.Vb 6 \& void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, \& const EVP_MD *md); +\& void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md); \& void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); \& void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); .Ve -.Vb 1 +.Vb 2 +\& void HMAC_CTX_cleanup(HMAC_CTX *ctx); \& void HMAC_cleanup(HMAC_CTX *ctx); .Ve .SH "DESCRIPTION" @@ -181,13 +187,31 @@ the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. \&\fBkey\fR and \fBevp_md\fR may be \fB\s-1NULL\s0\fR if a key and hash function have been set in a previous call to \fIHMAC_Init()\fR for that \fB\s-1HMAC_CTX\s0\fR. .PP -\&\fIHMAC_cleanup()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR. +\&\fIHMAC_CTX_init()\fR initialises a \fB\s-1HMAC_CTX\s0\fR before first use. It must be +called. +.PP +\&\fIHMAC_CTX_cleanup()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR +and releases any associated resources. It must be called when an +\&\fB\s-1HMAC_CTX\s0\fR is no longer required. +.PP +\&\fIHMAC_cleanup()\fR is an alias for \fIHMAC_CTX_cleanup()\fR included for back +compatibility with 0.9.6b, it is deprecated. .PP The following functions may be used if the message is not completely stored in memory: .PP \&\fIHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash -function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes long. +function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes +long. It is deprecated and only included for backward compatibility +with OpenSSL 0.9.6b. +.PP +\&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use +the function \fBevp_md\fR and key \fBkey\fR. Either can be \s-1NULL\s0, in which +case the existing one will be reused. \fIHMAC_CTX_init()\fR must have been +called before the first use of an \fB\s-1HMAC_CTX\s0\fR in this +function. \fBN.B. \f(BIHMAC_Init()\fB had this undocumented behaviour in +previous versions of OpenSSL \- failure to switch to \f(BIHMAC_Init_ex()\fB in +programs that expect it will cause them to stop working\fR. .PP \&\fIHMAC_Update()\fR can be called repeatedly with chunks of the message to be authenticated (\fBlen\fR bytes at \fBdata\fR). @@ -198,8 +222,8 @@ must have space for the hash function output. .IX Header "RETURN VALUES" \&\fIHMAC()\fR returns a pointer to the message authentication code. .PP -\&\fIHMAC_Init()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and \fIHMAC_cleanup()\fR do not -return values. +\&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and +\&\fIHMAC_CTX_cleanup()\fR do not return values. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1RFC\s0 2104 @@ -210,3 +234,6 @@ sha(3), evp(3) .IX Header "HISTORY" \&\fIHMAC()\fR, \fIHMAC_Init()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and \fIHMAC_cleanup()\fR are available since SSLeay 0.9.0. +.PP +\&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR and \fIHMAC_CTX_cleanup()\fR are available +since OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3 index 44645f0..aeb26e2 100644 --- a/secure/lib/libcrypto/man/lh_stats.3 +++ b/secure/lib/libcrypto/man/lh_stats.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:06 2002 +.\" Mon Jan 13 19:29:22 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "lh_stats 3" -.TH lh_stats 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH lh_stats 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio, diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3 index e5ee467..f698fce 100644 --- a/secure/lib/libcrypto/man/lhash.3 +++ b/secure/lib/libcrypto/man/lhash.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:07 2002 +.\" Mon Jan 13 19:29:23 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,19 +138,17 @@ .\" ====================================================================== .\" .IX Title "lhash 3" -.TH lhash 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH lhash 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, -lh_doall_arg, lh_error \- dynamic hash table +lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error \- dynamic hash table .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/lhash.h> .Ve -.Vb 3 -\& LHASH *lh_new(unsigned long (*hash)(/*void *a*/), -\& int (*compare)(/*void *a,void *b*/)); +.Vb 2 +\& LHASH *lh_new(LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE compare); \& void lh_free(LHASH *table); .Ve .Vb 3 @@ -159,29 +157,102 @@ lh_doall_arg, lh_error \- dynamic hash table \& void *lh_retrieve(LHASH *table, void *data); .Ve .Vb 3 -\& void lh_doall(LHASH *table, void (*func)(/*void *b*/)); -\& void lh_doall_arg(LHASH *table, void (*func)(/*void *a,void *b*/), +\& void lh_doall(LHASH *table, LHASH_DOALL_FN_TYPE func); +\& void lh_doall_arg(LHASH *table, LHASH_DOALL_ARG_FN_TYPE func, \& void *arg); .Ve .Vb 1 \& int lh_error(LHASH *table); .Ve +.Vb 4 +\& typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); +\& typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); +\& typedef void (*LHASH_DOALL_FN_TYPE)(const void *); +\& typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" This library implements dynamic hash tables. The hash table entries can be arbitrary structures. Usually they consist of key and value fields. .PP -\&\fIlh_new()\fR creates a new \fB\s-1LHASH\s0\fR structure. \fBhash\fR takes a pointer to -the structure and returns an unsigned long hash value of its key -field. The hash value is normally truncated to a power of 2, so make -sure that your hash function returns well mixed low order -bits. \fBcompare\fR takes two arguments, and returns 0 if their keys are -equal, non-zero otherwise. +\&\fIlh_new()\fR creates a new \fB\s-1LHASH\s0\fR structure to store arbitrary data +entries, and provides the 'hash' and 'compare' callbacks to be used in +organising the table's entries. The \fBhash\fR callback takes a pointer +to a table entry as its argument and returns an unsigned long hash +value for its key field. The hash value is normally truncated to a +power of 2, so make sure that your hash function returns well mixed +low order bits. The \fBcompare\fR callback takes two arguments (pointers +to two hash table entries), and returns 0 if their keys are equal, +non-zero otherwise. If your hash table will contain items of some +particular type and the \fBhash\fR and \fBcompare\fR callbacks hash/compare +these types, then the \fB\s-1DECLARE_LHASH_HASH_FN\s0\fR and +\&\fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be used to create callback +wrappers of the prototypes required by \fIlh_new()\fR. These provide +per-variable casts before calling the type-specific callbacks written +by the application author. These macros, as well as those used for +the \*(L"doall\*(R" callbacks, are defined as; +.PP +.Vb 7 +\& #define DECLARE_LHASH_HASH_FN(f_name,o_type) \e +\& unsigned long f_name##_LHASH_HASH(const void *); +\& #define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \e +\& unsigned long f_name##_LHASH_HASH(const void *arg) { \e +\& o_type a = (o_type)arg; \e +\& return f_name(a); } +\& #define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH +.Ve +.Vb 8 +\& #define DECLARE_LHASH_COMP_FN(f_name,o_type) \e +\& int f_name##_LHASH_COMP(const void *, const void *); +\& #define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \e +\& int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \e +\& o_type a = (o_type)arg1; \e +\& o_type b = (o_type)arg2; \e +\& return f_name(a,b); } +\& #define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP +.Ve +.Vb 7 +\& #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \e +\& void f_name##_LHASH_DOALL(const void *); +\& #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \e +\& void f_name##_LHASH_DOALL(const void *arg) { \e +\& o_type a = (o_type)arg; \e +\& f_name(a); } +\& #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL +.Ve +.Vb 8 +\& #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \e +\& void f_name##_LHASH_DOALL_ARG(const void *, const void *); +\& #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \e +\& void f_name##_LHASH_DOALL_ARG(const void *arg1, const void *arg2) { \e +\& o_type a = (o_type)arg1; \e +\& a_type b = (a_type)arg2; \e +\& f_name(a,b); } +\& #define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG +.Ve +An example of a hash table storing (pointers to) structures of type '\s-1STUFF\s0' +could be defined as follows; .PP +.Vb 14 +\& /* Calculates the hash value of 'tohash' (implemented elsewhere) */ +\& unsigned long STUFF_hash(const STUFF *tohash); +\& /* Orders 'arg1' and 'arg2' (implemented elsewhere) */ +\& int STUFF_cmp(const STUFF *arg1, const STUFF *arg2); +\& /* Create the type-safe wrapper functions for use in the LHASH internals */ +\& static IMPLEMENT_LHASH_HASH_FN(STUFF_hash, const STUFF *) +\& static IMPLEMENT_LHASH_COMP_FN(STUFF_cmp, const STUFF *); +\& /* ... */ +\& int main(int argc, char *argv[]) { +\& /* Create the new hash table using the hash/compare wrappers */ +\& LHASH *hashtable = lh_new(LHASH_HASH_FN(STUFF_hash), +\& LHASH_COMP_FN(STUFF_cmp)); +\& /* ... */ +\& } +.Ve \&\fIlh_free()\fR frees the \fB\s-1LHASH\s0\fR structure \fBtable\fR. Allocated hash table entries will not be freed; consider using \fIlh_doall()\fR to deallocate any -remaining entries in the hash table. +remaining entries in the hash table (see below). .PP \&\fIlh_insert()\fR inserts the structure pointed to by \fBdata\fR into \fBtable\fR. If there already is an entry with the same key, the old value is @@ -195,23 +266,55 @@ a structure with the key \fIfield\fR\|(s) set; the function will return a pointer to a fully populated structure. .PP \&\fIlh_doall()\fR will, for every entry in the hash table, call \fBfunc\fR with -the data item as parameters. -This function can be quite useful when used as follows: - void cleanup(\s-1STUFF\s0 *a) - { \fISTUFF_free\fR\|(a); } - lh_doall(hash,cleanup); - lh_free(hash); -This can be used to free all the entries. \fIlh_free()\fR then cleans up the -\&'buckets' that point to nothing. When doing this, be careful if you -delete entries from the hash table in \fBfunc\fR: the table may decrease -in size, moving item that you are currently on down lower in the hash -table. This could cause some entries to be skipped. The best -solution to this problem is to set hash->down_load=0 before you -start. This will stop the hash table ever being decreased in size. +the data item as its parameter. For \fIlh_doall()\fR and \fIlh_doall_arg()\fR, +function pointer casting should be avoided in the callbacks (see +\&\fB\s-1NOTE\s0\fR) \- instead, either declare the callbacks to match the +prototype required in \fIlh_new()\fR or use the declare/implement macros to +create type-safe wrappers that cast variables prior to calling your +type-specific callbacks. An example of this is illustrated here where +the callback is used to cleanup resources for items in the hash table +prior to the hashtable itself being deallocated: .PP -\&\fIlh_doall_arg()\fR is the same as \fIlh_doall()\fR except that \fBfunc\fR will -be called with \fBarg\fR as the second argument. +.Vb 9 +\& /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */ +\& void STUFF_cleanup(STUFF *a); +\& /* Implement a prototype-compatible wrapper for "STUFF_cleanup" */ +\& IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF *) +\& /* ... then later in the code ... */ +\& /* So to run "STUFF_cleanup" against all items in a hash table ... */ +\& lh_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup)); +\& /* Then the hash table itself can be deallocated */ +\& lh_free(hashtable); +.Ve +When doing this, be careful if you delete entries from the hash table +in your callbacks: the table may decrease in size, moving the item +that you are currently on down lower in the hash table \- this could +cause some entries to be skipped during the iteration. The second +best solution to this problem is to set hash->down_load=0 before +you start (which will stop the hash table ever decreasing in size). +The best solution is probably to avoid deleting items from the hash +table inside a \*(L"doall\*(R" callback! +.PP +\&\fIlh_doall_arg()\fR is the same as \fIlh_doall()\fR except that \fBfunc\fR will be +called with \fBarg\fR as the second argument and \fBfunc\fR should be of +type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype that is passed +both the table entry and an extra argument). As with \fIlh_doall()\fR, you +can instead choose to declare your callback with a prototype matching +the types you are dealing with and use the declare/implement macros to +create compatible wrappers that cast variables before calling your +type-specific callbacks. An example of this is demonstrated here +(printing all hash table entries to a \s-1BIO\s0 that is provided by the +caller): .PP +.Vb 7 +\& /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */ +\& void STUFF_print(const STUFF *a, BIO *output_bio); +\& /* Implement a prototype-compatible wrapper for "STUFF_print" */ +\& static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF_print, const STUFF *, BIO *) +\& /* ... then later in the code ... */ +\& /* Print out the entire hashtable to a particular BIO */ +\& lh_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), logging_bio); +.Ve \&\fIlh_error()\fR can be used to determine if an error occurred in the last operation. \fIlh_error()\fR is a macro. .SH "RETURN VALUES" @@ -232,6 +335,44 @@ there is no such value in the hash table. otherwise. .PP \&\fIlh_free()\fR, \fIlh_doall()\fR and \fIlh_doall_arg()\fR return no values. +.SH "NOTE" +.IX Header "NOTE" +The various \s-1LHASH\s0 macros and callback types exist to make it possible +to write type-safe code without resorting to function-prototype +casting \- an evil that makes application code much harder to +audit/verify and also opens the window of opportunity for stack +corruption and other hard-to-find bugs. It also, apparently, violates +\&\s-1ANSI-C\s0. +.PP +The \s-1LHASH\s0 code regards table entries as constant data. As such, it +internally represents \fIlh_insert()\fR'd items with a \*(L"const void *\*(R" +pointer type. This is why callbacks such as those used by \fIlh_doall()\fR +and \fIlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the +parameters that pass back the table items' data pointers \- for +consistency, user-provided data is \*(L"const\*(R" at all times as far as the +\&\s-1LHASH\s0 code is concerned. However, as callers are themselves providing +these pointers, they can choose whether they too should be treating +all such parameters as constant. +.PP +As an example, a hash table may be maintained by code that, for +reasons of encapsulation, has only \*(L"const\*(R" access to the data being +indexed in the hash table (ie. it is returned as \*(L"const\*(R" from +elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are +appropriate as-is. Conversely, if the caller is responsible for the +life-time of the data in question, then they may well wish to make +modifications to table item passed back in the \fIlh_doall()\fR or +\&\fIlh_doall_arg()\fR callbacks (see the \*(L"STUFF_cleanup\*(R" example above). If +so, the caller can either cast the \*(L"const\*(R" away (if they're providing +the raw callbacks themselves) or use the macros to declare/implement +the wrapper functions without \*(L"const\*(R" types. +.PP +Callers that only have \*(L"const\*(R" access to data they're indexing in a +table, yet declare callbacks without constant types (or cast the +\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs +without being encouraged to do so by the \s-1API\s0. On a related note, +those auditing code should pay special attention to any instances of +DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types +without any \*(L"const\*(R" qualifiers. .SH "BUGS" .IX Header "BUGS" \&\fIlh_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. @@ -271,7 +412,7 @@ generating hashes that are the same for different values. It is probably worth changing your hash function if this is the case because even if your hash table has 10 items in a 'bucket', it can be searched with 10 \fBunsigned long\fR compares and 10 linked list traverses. This -will be much less expensive that 10 calls to you compare function. +will be much less expensive that 10 calls to your compare function. .PP \&\fIlh_strhash()\fR is a demo string hashing function: .PP @@ -290,3 +431,8 @@ The \fBlhash\fR library is available in all versions of SSLeay and OpenSSL. \&\fIlh_error()\fR was added in SSLeay 0.9.1b. .PP This manpage is derived from the SSLeay documentation. +.PP +In OpenSSL 0.9.7, all lhash functions that were passed function pointers +were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE\s0, +\&\s-1LHASH_HASH_FN_TYPE\s0, \s-1LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE\s0 +became available. diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3 index c69001a..efa0053 100644 --- a/secure/lib/libcrypto/man/md5.3 +++ b/secure/lib/libcrypto/man/md5.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:07 2002 +.\" Mon Jan 13 19:29:24 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "md5 3" -.TH md5 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH md5 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1MD2\s0, \s-1MD4\s0, \s-1MD5\s0, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3 index b553403..703af80 100644 --- a/secure/lib/libcrypto/man/mdc2.3 +++ b/secure/lib/libcrypto/man/mdc2.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:08 2002 +.\" Mon Jan 13 19:29:26 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "mdc2 3" -.TH mdc2 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH mdc2 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1MDC2\s0, MDC2_Init, MDC2_Update, MDC2_Final \- \s-1MDC2\s0 hash function diff --git a/secure/lib/libcrypto/man/nseq.1 b/secure/lib/libcrypto/man/nseq.1 deleted file mode 100644 index 469dc98..0000000 --- a/secure/lib/libcrypto/man/nseq.1 +++ /dev/null @@ -1,199 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:47 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "NSEQ 1" -.TH NSEQ 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -nseq \- create or examine a netscape certificate sequence -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBnseq\fR -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-toseq\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBnseq\fR command takes a file containing a Netscape certificate -sequence and prints out the certificates contained in it or takes a -file of certificates and converts it into a Netscape certificate -sequence. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read or standard input if this -option is not specified. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -specifies the output filename or standard output by default. -.Ip "\fB\-toseq\fR" 4 -.IX Item "-toseq" -normally a Netscape certificate sequence will be input and the output -is the certificates contained in it. With the \fB\-toseq\fR option the -situation is reversed: a Netscape certificate sequence is created from -a file of certificates. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Output the certificates in a Netscape certificate sequence -.PP -.Vb 1 -\& openssl nseq -in nseq.pem -out certs.pem -.Ve -Create a Netscape certificate sequence -.PP -.Vb 1 -\& openssl nseq -in certs.pem -toseq -out nseq.pem -.Ve -.SH "NOTES" -.IX Header "NOTES" -The \fB\s-1PEM\s0\fR encoded form uses the same headers and footers as a certificate: -.PP -.Vb 2 -\& -----BEGIN CERTIFICATE----- -\& -----END CERTIFICATE----- -.Ve -A Netscape certificate sequence is a Netscape specific form that can be sent -to browsers as an alternative to the standard PKCS#7 format when several -certificates are sent to the browser: for example during certificate enrollment. -It is used by Netscape certificate server for example. -.SH "BUGS" -.IX Header "BUGS" -This program needs a few more options: like allowing \s-1DER\s0 or \s-1PEM\s0 input and -output files and allowing multiple certificate files to be used. diff --git a/secure/lib/libcrypto/man/openssl.1 b/secure/lib/libcrypto/man/openssl.1 deleted file mode 100644 index 7511cb1..0000000 --- a/secure/lib/libcrypto/man/openssl.1 +++ /dev/null @@ -1,404 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:48 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "OPENSSL 1" -.TH OPENSSL 1 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -openssl \- OpenSSL command line tool -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR -\&\fIcommand\fR -[ \fIcommand_opts\fR ] -[ \fIcommand_args\fR ] -.PP -\&\fBopenssl\fR [ \fBlist-standard-commands\fR | \fBlist-message-digest-commands\fR | \fBlist-cipher-commands\fR ] -.PP -\&\fBopenssl\fR \fBno-\fR\fI\s-1XXX\s0\fR [ \fIarbitrary options\fR ] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (\s-1SSL\s0 -v2/v3) and Transport Layer Security (\s-1TLS\s0 v1) network protocols and related -cryptography standards required by them. -.PP -The \fBopenssl\fR program is a command line tool for using the various -cryptography functions of OpenSSL's \fBcrypto\fR library from the shell. -It can be used for -.PP -.Vb 6 -\& o Creation of RSA, DH and DSA key parameters -\& o Creation of X.509 certificates, CSRs and CRLs -\& o Calculation of Message Digests -\& o Encryption and Decryption with Ciphers -\& o SSL/TLS Client and Server Tests -\& o Handling of S/MIME signed or encrypted mail -.Ve -.SH "COMMAND SUMMARY" -.IX Header "COMMAND SUMMARY" -The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in the -\&\s-1SYNOPSIS\s0 above), each of which often has a wealth of options and arguments -(\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0). -.PP -The pseudo-commands \fBlist-standard-commands\fR, \fBlist-message-digest-commands\fR, -and \fBlist-cipher-commands\fR output a list (one entry per line) of the names -of all standard commands, message digest commands, or cipher commands, -respectively, that are available in the present \fBopenssl\fR utility. -.PP -The pseudo-command \fBno-\fR\fI\s-1XXX\s0\fR tests whether a command of the -specified name is available. If no command named \fI\s-1XXX\s0\fR exists, it -returns 0 (success) and prints \fBno-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1 -and prints \fI\s-1XXX\s0\fR. In both cases, the output goes to \fBstdout\fR and -nothing is printed to \fBstderr\fR. Additional command line arguments -are always ignored. Since for each cipher there is a command of the -same name, this provides an easy way for shell scripts to test for the -availability of ciphers in the \fBopenssl\fR program. (\fBno-\fR\fI\s-1XXX\s0\fR is -not able to detect pseudo-commands such as \fBquit\fR, -\&\fBlist-\fR\fI...\fR\fB\-commands\fR, or \fBno-\fR\fI\s-1XXX\s0\fR itself.) -.Sh "\s-1STANDARD\s0 \s-1COMMANDS\s0" -.IX Subsection "STANDARD COMMANDS" -.Ip "\fBasn1parse\fR" 10 -.IX Item "asn1parse" -Parse an \s-1ASN\s0.1 sequence. -.Ip "\fBca\fR" 10 -.IX Item "ca" -Certificate Authority (\s-1CA\s0) Management. -.Ip "\fBciphers\fR" 10 -.IX Item "ciphers" -Cipher Suite Description Determination. -.Ip "\fBcrl\fR" 10 -.IX Item "crl" -Certificate Revocation List (\s-1CRL\s0) Management. -.Ip "\fBcrl2pkcs7\fR" 10 -.IX Item "crl2pkcs7" -\&\s-1CRL\s0 to PKCS#7 Conversion. -.Ip "\fBdgst\fR" 10 -.IX Item "dgst" -Message Digest Calculation. -.Ip "\fBdh\fR" 10 -.IX Item "dh" -Diffie-Hellman Parameter Management. -Obsoleted by \fBdhparam\fR. -.Ip "\fBdsa\fR" 10 -.IX Item "dsa" -\&\s-1DSA\s0 Data Management. -.Ip "\fBdsaparam\fR" 10 -.IX Item "dsaparam" -\&\s-1DSA\s0 Parameter Generation. -.Ip "\fBenc\fR" 10 -.IX Item "enc" -Encoding with Ciphers. -.Ip "\fBerrstr\fR" 10 -.IX Item "errstr" -Error Number to Error String Conversion. -.Ip "\fBdhparam\fR" 10 -.IX Item "dhparam" -Generation and Management of Diffie-Hellman Parameters. -.Ip "\fBgendh\fR" 10 -.IX Item "gendh" -Generation of Diffie-Hellman Parameters. -Obsoleted by \fBdhparam\fR. -.Ip "\fBgendsa\fR" 10 -.IX Item "gendsa" -Generation of \s-1DSA\s0 Parameters. -.Ip "\fBgenrsa\fR" 10 -.IX Item "genrsa" -Generation of \s-1RSA\s0 Parameters. -.Ip "\fBpasswd\fR" 10 -.IX Item "passwd" -Generation of hashed passwords. -.Ip "\fBpkcs12\fR" 10 -.IX Item "pkcs12" -PKCS#12 Data Management. -.Ip "\fBpkcs7\fR" 10 -.IX Item "pkcs7" -PKCS#7 Data Management. -.Ip "\fBrand\fR" 10 -.IX Item "rand" -Generate pseudo-random bytes. -.Ip "\fBreq\fR" 10 -.IX Item "req" -X.509 Certificate Signing Request (\s-1CSR\s0) Management. -.Ip "\fBrsa\fR" 10 -.IX Item "rsa" -\&\s-1RSA\s0 Data Management. -.Ip "\fBrsautl\fR" 10 -.IX Item "rsautl" -\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption. -.Ip "\fBs_client\fR" 10 -.IX Item "s_client" -This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent -connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing -purposes only and provides only rudimentary interface functionality but -internally uses mostly all functionality of the OpenSSL \fBssl\fR library. -.Ip "\fBs_server\fR" 10 -.IX Item "s_server" -This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote -clients speaking \s-1SSL/TLS\s0. It's intended for testing purposes only and provides -only rudimentary interface functionality but internally uses mostly all -functionality of the OpenSSL \fBssl\fR library. It provides both an own command -line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response -facility to emulate an SSL/TLS-aware webserver. -.Ip "\fBs_time\fR" 10 -.IX Item "s_time" -\&\s-1SSL\s0 Connection Timer. -.Ip "\fBsess_id\fR" 10 -.IX Item "sess_id" -\&\s-1SSL\s0 Session Data Management. -.Ip "\fBsmime\fR" 10 -.IX Item "smime" -S/MIME mail processing. -.Ip "\fBspeed\fR" 10 -.IX Item "speed" -Algorithm Speed Measurement. -.Ip "\fBverify\fR" 10 -.IX Item "verify" -X.509 Certificate Verification. -.Ip "\fBversion\fR" 10 -.IX Item "version" -OpenSSL Version Information. -.Ip "\fBx509\fR" 10 -.IX Item "x509" -X.509 Certificate Data Management. -.Sh "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0" -.IX Subsection "MESSAGE DIGEST COMMANDS" -.Ip "\fBmd2\fR" 10 -.IX Item "md2" -\&\s-1MD2\s0 Digest -.Ip "\fBmd5\fR" 10 -.IX Item "md5" -\&\s-1MD5\s0 Digest -.Ip "\fBmdc2\fR" 10 -.IX Item "mdc2" -\&\s-1MDC2\s0 Digest -.Ip "\fBrmd160\fR" 10 -.IX Item "rmd160" -\&\s-1RMD-160\s0 Digest -.Ip "\fBsha\fR" 10 -.IX Item "sha" -\&\s-1SHA\s0 Digest -.Ip "\fBsha1\fR" 10 -.IX Item "sha1" -\&\s-1SHA-1\s0 Digest -.Sh "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0" -.IX Subsection "ENCODING AND CIPHER COMMANDS" -.Ip "\fBbase64\fR" 10 -.IX Item "base64" -Base64 Encoding -.Ip "\fBbf bf-cbc bf-cfb bf-ecb bf-ofb\fR" 10 -.IX Item "bf bf-cbc bf-cfb bf-ecb bf-ofb" -Blowfish Cipher -.Ip "\fBcast cast-cbc\fR" 10 -.IX Item "cast cast-cbc" -\&\s-1CAST\s0 Cipher -.Ip "\fBcast5\-cbc cast5\-cfb cast5\-ecb cast5\-ofb\fR" 10 -.IX Item "cast5-cbc cast5-cfb cast5-ecb cast5-ofb" -\&\s-1CAST5\s0 Cipher -.Ip "\fBdes des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb\fR" 10 -.IX Item "des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb" -\&\s-1DES\s0 Cipher -.Ip "\fBdes3 desx des-ede3 des-ede3\-cbc des-ede3\-cfb des-ede3\-ofb\fR" 10 -.IX Item "des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb" -Triple-DES Cipher -.Ip "\fBidea idea-cbc idea-cfb idea-ecb idea-ofb\fR" 10 -.IX Item "idea idea-cbc idea-cfb idea-ecb idea-ofb" -\&\s-1IDEA\s0 Cipher -.Ip "\fBrc2 rc2\-cbc rc2\-cfb rc2\-ecb rc2\-ofb\fR" 10 -.IX Item "rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb" -\&\s-1RC2\s0 Cipher -.Ip "\fBrc4\fR" 10 -.IX Item "rc4" -\&\s-1RC4\s0 Cipher -.Ip "\fBrc5 rc5\-cbc rc5\-cfb rc5\-ecb rc5\-ofb\fR" 10 -.IX Item "rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb" -\&\s-1RC5\s0 Cipher -.SH "PASS PHRASE ARGUMENTS" -.IX Header "PASS PHRASE ARGUMENTS" -Several commands accept password arguments, typically using \fB\-passin\fR -and \fB\-passout\fR for input and output passwords respectively. These allow -the password to be obtained from a variety of sources. Both of these -options take a single argument whose format is described below. If no -password argument is given and a password is required then the user is -prompted to enter one: this will typically be read from the current -terminal with echoing turned off. -.Ip "\fBpass:password\fR" 10 -.IX Item "pass:password" -the actual password is \fBpassword\fR. Since the password is visible -to utilities (like 'ps' under Unix) this form should only be used -where security is not important. -.Ip "\fBenv:var\fR" 10 -.IX Item "env:var" -obtain the password from the environment variable \fBvar\fR. Since -the environment of other processes is visible on certain platforms -(e.g. ps under certain Unix OSes) this option should be used with caution. -.Ip "\fBfile:pathname\fR" 10 -.IX Item "file:pathname" -the first line of \fBpathname\fR is the password. If the same \fBpathname\fR -argument is supplied to \fB\-passin\fR and \fB\-passout\fR arguments then the first -line will be used for the input password and the next line for the output -password. \fBpathname\fR need not refer to a regular file: it could for example -refer to a device or named pipe. -.Ip "\fBfd:number\fR" 10 -.IX Item "fd:number" -read the password from the file descriptor \fBnumber\fR. This can be used to -send the data via a pipe for example. -.Ip "\fBstdin\fR" 10 -.IX Item "stdin" -read the password from standard input. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -asn1parse(1), ca(1), config(5), -crl(1), crl2pkcs7(1), dgst(1), -dhparam(1), dsa(1), dsaparam(1), -enc(1), gendsa(1), -genrsa(1), nseq(1), openssl(1), -passwd(1), -pkcs12(1), pkcs7(1), pkcs8(1), -rand(1), req(1), rsa(1), -rsautl(1), s_client(1), -s_server(1), smime(1), spkac(1), -verify(1), version(1), x509(1), -crypto(3), ssl(3) -.SH "HISTORY" -.IX Header "HISTORY" -The \fIopenssl\fR\|(1) document appeared in OpenSSL 0.9.2. -The \fBlist-\fR\fI\s-1XXX\s0\fR\fB\-commands\fR pseudo-commands were added in OpenSSL 0.9.3; -the \fBno-\fR\fI\s-1XXX\s0\fR pseudo-commands were added in OpenSSL 0.9.5a. -For notes on the availability of other commands, see their individual -manual pages. diff --git a/secure/lib/libcrypto/man/passwd.1 b/secure/lib/libcrypto/man/passwd.1 deleted file mode 100644 index 1274f17..0000000 --- a/secure/lib/libcrypto/man/passwd.1 +++ /dev/null @@ -1,198 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:49 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "PASSWD 1" -.TH PASSWD 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -passwd \- compute password hashes -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl passwd\fR -[\fB\-crypt\fR] -[\fB\-1\fR] -[\fB\-apr1\fR] -[\fB\-salt\fR \fIstring\fR] -[\fB\-in\fR \fIfile\fR] -[\fB\-stdin\fR] -[\fB\-quiet\fR] -[\fB\-table\fR] -{\fIpassword\fR} -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBpasswd\fR command computes the hash of a password typed at -run-time or the hash of each password in a list. The password list is -taken from the named file for option \fB\-in file\fR, from stdin for -option \fB\-stdin\fR, and from the command line otherwise. -The Unix standard algorithm \fBcrypt\fR and the MD5\-based \s-1BSD\s0 password -algorithm \fB1\fR and its Apache variant \fBapr1\fR are available. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-crypt\fR" 4 -.IX Item "-crypt" -Use the \fBcrypt\fR algorithm (default). -.Ip "\fB\-1\fR" 4 -.IX Item "-1" -Use the \s-1MD5\s0 based \s-1BSD\s0 password algorithm \fB1\fR. -.Ip "\fB\-apr1\fR" 4 -.IX Item "-apr1" -Use the \fBapr1\fR algorithm (Apache variant of the \s-1BSD\s0 algorithm). -.Ip "\fB\-salt\fR \fIstring\fR" 4 -.IX Item "-salt string" -Use the specified salt. -.Ip "\fB\-in\fR \fIfile\fR" 4 -.IX Item "-in file" -Read passwords from \fIfile\fR. -.Ip "\fB\-stdin\fR" 4 -.IX Item "-stdin" -Read passwords from \fBstdin\fR. -.Ip "\fB\-quiet\fR" 4 -.IX Item "-quiet" -Don't output warnings when passwords given at the command line are truncated. -.Ip "\fB\-table\fR" 4 -.IX Item "-table" -In the output list, prepend the cleartext password and a \s-1TAB\s0 character -to each password hash. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -\&\fBopenssl passwd \-crypt \-salt xx password\fR prints \fBxxj31ZMTZzkVA\fR. -.PP -\&\fBopenssl passwd \-1 \-salt xxxxxxxx password\fR prints \fB$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1\fR. -.PP -\&\fBopenssl passwd \-apr1 \-salt xxxxxxxx password\fR prints \fB$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0\fR. diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3 new file mode 100644 index 0000000..6a61612 --- /dev/null +++ b/secure/lib/libcrypto/man/pem.3 @@ -0,0 +1,689 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:27 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "pem 3" +.TH pem 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +\&\s-1PEM\s0 \- \s-1PEM\s0 routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/pem.h> +.Ve +.Vb 2 +\& EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x); +\& int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x); +.Ve +.Vb 2 +\& RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x); +.Ve +.Vb 1 +\& int PEM_write_RSAPublicKey(FILE *fp, RSA *x); +.Ve +.Vb 2 +\& RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x); +.Ve +.Vb 1 +\& int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x); +.Ve +.Vb 2 +\& DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x); +.Ve +.Vb 1 +\& int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x); +.Ve +.Vb 1 +\& DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_DSAparams(BIO *bp, DSA *x); +.Ve +.Vb 1 +\& int PEM_write_DSAparams(FILE *fp, DSA *x); +.Ve +.Vb 1 +\& DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_DHparams(BIO *bp, DH *x); +.Ve +.Vb 1 +\& int PEM_write_DHparams(FILE *fp, DH *x); +.Ve +.Vb 1 +\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_X509(BIO *bp, X509 *x); +.Ve +.Vb 1 +\& int PEM_write_X509(FILE *fp, X509 *x); +.Ve +.Vb 1 +\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x); +.Ve +.Vb 1 +\& int PEM_write_X509_AUX(FILE *fp, X509 *x); +.Ve +.Vb 2 +\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x); +.Ve +.Vb 1 +\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x); +.Ve +.Vb 1 +\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x); +.Ve +.Vb 1 +\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x); +.Ve +.Vb 6 +\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x); +\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x); +.Ve +.Vb 1 +\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x); +.Ve +.Vb 1 +\& int PEM_write_PKCS7(FILE *fp, PKCS7 *x); +.Ve +.Vb 3 +\& NETSCAPE_CERT_SEQUENCE *PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, +\& NETSCAPE_CERT_SEQUENCE **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& NETSCAPE_CERT_SEQUENCE *PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp, +\& NETSCAPE_CERT_SEQUENCE **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE *x); +.Ve +.Vb 1 +\& int PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In +this sense \s-1PEM\s0 format is simply base64 encoded data surrounded +by header lines. +.PP +For more details about the meaning of arguments see the +\&\fB\s-1PEM\s0 \s-1FUNCTION\s0 \s-1ARGUMENTS\s0\fR section. +.PP +Each operation has four functions associated with it. For +clarity the term "\fBfoobar\fR functions" will be used to collectively +refer to the \fIPEM_read_bio_foobar()\fR, \fIPEM_read_foobar()\fR, +\&\fIPEM_write_bio_foobar()\fR and \fIPEM_write_foobar()\fR functions. +.PP +The \fBPrivateKey\fR functions read or write a private key in +\&\s-1PEM\s0 format using an \s-1EVP_PKEY\s0 structure. The write routines use +\&\*(L"traditional\*(R" private key format and can handle both \s-1RSA\s0 and \s-1DSA\s0 +private keys. The read functions can additionally transparently +handle PKCS#8 format encrypted and unencrypted keys too. +.PP +\&\fIPEM_write_bio_PKCS8PrivateKey()\fR and \fIPEM_write_PKCS8PrivateKey()\fR +write a private key in an \s-1EVP_PKEY\s0 structure in PKCS#8 +EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption +algorithms. The \fBcipher\fR argument specifies the encryption algoritm to +use: unlike all other \s-1PEM\s0 routines the encryption is applied at the +PKCS#8 level and not in the \s-1PEM\s0 headers. If \fBcipher\fR is \s-1NULL\s0 then no +encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead. +.PP +\&\fIPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fIPEM_write_PKCS8PrivateKey_nid()\fR +also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however +it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm +to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the +corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (see \s-1NOTES\s0 section). +.PP +The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0 +structure. The public key is encoded as a SubjectPublicKeyInfo +structure. +.PP +The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an +\&\s-1RSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1RSA\s0. +.PP +The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an +\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey +structure. +.PP +The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using +an \s-1RSA\s0 structure. However the public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1RSA\s0. +.PP +The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a +\&\s-1DSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1DSA\s0. +.PP +The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using +a \s-1DSA\s0 structure. The public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1DSA\s0. +.PP +The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0 +structure. The parameters are encoded using a foobar structure. +.PP +The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0 +structure. The parameters are encoded using a PKCS#3 DHparameter +structure. +.PP +The \fBX509\fR functions process an X509 certificate using an X509 +structure. They will also process a trusted X509 certificate but +any trust settings are discarded. +.PP +The \fBX509_AUX\fR functions process a trusted X509 certificate using +an X509 structure. +.PP +The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10 +certificate request using an X509_REQ structure. The \fBX509_REQ\fR +write functions use \fB\s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR in the header whereas +the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW\s0 \s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR +(as required by some CAs). The \fBX509_REQ\fR read functions will +handle either form so there are no \fBX509_REQ_NEW\fR read functions. +.PP +The \fBX509_CRL\fR functions process an X509 \s-1CRL\s0 using an X509_CRL +structure. +.PP +The \fB\s-1PKCS7\s0\fR functions process a PKCS#7 ContentInfo using a \s-1PKCS7\s0 +structure. +.PP +The \fB\s-1NETSCAPE_CERT_SEQUENCE\s0\fR functions process a Netscape Certificate +Sequence using a \s-1NETSCAPE_CERT_SEQUENCE\s0 structure. +.SH "PEM FUNCTION ARGUMENTS" +.IX Header "PEM FUNCTION ARGUMENTS" +The \s-1PEM\s0 functions have many common arguments. +.PP +The \fBbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from +or write to. +.PP +The \fBfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to +read from or write to. +.PP +The \s-1PEM\s0 read functions all take an argument \fB\s-1TYPE\s0 **x\fR and return +a \fB\s-1TYPE\s0 *\fR pointer. Where \fB\s-1TYPE\s0\fR is whatever structure the function +uses. If \fBx\fR is \s-1NULL\s0 then the parameter is ignored. If \fBx\fR is not +\&\s-1NULL\s0 but \fB*x\fR is \s-1NULL\s0 then the structure returned will be written +to \fB*x\fR. If neither \fBx\fR nor \fB*x\fR is \s-1NULL\s0 then an attempt is made +to reuse the structure at \fB*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections). +Irrespective of the value of \fBx\fR a pointer to the structure is always +returned (or \s-1NULL\s0 if an error occurred). +.PP +The \s-1PEM\s0 functions which write private keys take an \fBenc\fR parameter +which specifies the encryption algorithm to use, encryption is done +at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private +key is written in unencrypted form. +.PP +The \fBcb\fR argument is the callback to use when querying for the pass +phrase used for encrypted \s-1PEM\s0 structures (normally only private keys). +.PP +For the \s-1PEM\s0 write routines if the \fBkstr\fR parameter is not \s-1NULL\s0 then +\&\fBklen\fR bytes at \fBkstr\fR are used as the passphrase and \fBcb\fR is +ignored. +.PP +If the \fBcb\fR parameters is set to \s-1NULL\s0 and the \fBu\fR parameter is not +\&\s-1NULL\s0 then the \fBu\fR parameter is interpreted as a null terminated string +to use as the passphrase. If both \fBcb\fR and \fBu\fR are \s-1NULL\s0 then the +default callback routine is used which will typically prompt for the +passphrase on the current terminal with echoing turned off. +.PP +The default passphrase callback is sometimes inappropriate (for example +in a \s-1GUI\s0 application) so an alternative can be supplied. The callback +routine has the following form: +.PP +.Vb 1 +\& int cb(char *buf, int size, int rwflag, void *u); +.Ve +\&\fBbuf\fR is the buffer to write the passphrase to. \fBsize\fR is the maximum +length of the passphrase (i.e. the size of buf). \fBrwflag\fR is a flag +which is set to 0 when reading and 1 when writing. A typical routine +will ask the user to verify the passphrase (for example by prompting +for it twice) if \fBrwflag\fR is 1. The \fBu\fR parameter has the same +value as the \fBu\fR parameter passed to the \s-1PEM\s0 routine. It allows +arbitrary data to be passed to the callback by the application +(for example a window handle in a \s-1GUI\s0 application). The callback +\&\fBmust\fR return the number of characters in the passphrase or 0 if +an error occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Although the \s-1PEM\s0 routines take several arguments in almost all applications +most of them are set to 0 or \s-1NULL\s0. +.PP +Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0 +.PP +.Vb 6 +\& X509 *x; +\& x = PEM_read_bio(bp, NULL, 0, NULL); +\& if (x == NULL) +\& { +\& /* Error */ +\& } +.Ve +Alternative method: +.PP +.Vb 5 +\& X509 *x = NULL; +\& if (!PEM_read_bio_X509(bp, &x, 0, NULL)) +\& { +\& /* Error */ +\& } +.Ve +Write a certificate to a \s-1BIO:\s0 +.PP +.Vb 4 +\& if (!PEM_write_bio_X509(bp, x)) +\& { +\& /* Error */ +\& } +.Ve +Write an unencrypted private key to a \s-1FILE\s0 pointer: +.PP +.Vb 4 +\& if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) +\& { +\& /* Error */ +\& } +.Ve +Write a private key (using traditional format) to a \s-1BIO\s0 using +triple \s-1DES\s0 encryption, the pass phrase is prompted for: +.PP +.Vb 4 +\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) +\& { +\& /* Error */ +\& } +.Ve +Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple +\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R": +.PP +.Vb 4 +\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) +\& { +\& /* Error */ +\& } +.Ve +Read a private key from a \s-1BIO\s0 using the pass phrase \*(L"hello\*(R": +.PP +.Vb 5 +\& key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello"); +\& if (key == NULL) +\& { +\& /* Error */ +\& } +.Ve +Read a private key from a \s-1BIO\s0 using a pass phrase callback: +.PP +.Vb 5 +\& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); +\& if (key == NULL) +\& { +\& /* Error */ +\& } +.Ve +Skeleton pass phrase callback: +.PP +.Vb 6 +\& int pass_cb(char *buf, int size, int rwflag, void *u); +\& { +\& int len; +\& char *tmp; +\& /* We'd probably do something else if 'rwflag' is 1 */ +\& printf("Enter pass phrase for \e"%s\e"\en", u); +.Ve +.Vb 3 +\& /* get pass phrase, length 'len' into 'tmp' */ +\& tmp = "hello"; +\& len = strlen(tmp); +.Ve +.Vb 6 +\& if (len <= 0) return 0; +\& /* if too long, truncate */ +\& if (len > size) len = size; +\& memcpy(buf, tmp, len); +\& return len; +\& } +.Ve +.SH "NOTES" +.IX Header "NOTES" +The old \fBPrivateKey\fR write routines are retained for compatibility. +New applications should write private keys using the +\&\fIPEM_write_bio_PKCS8PrivateKey()\fR or \fIPEM_write_PKCS8PrivateKey()\fR routines +because they are more secure (they use an iteration count of 2048 whereas +the traditional routines use a count of 1) unless compatibility with older +versions of OpenSSL is important. +.PP +The \fBPrivateKey\fR read routines can be used in all applications because +they handle all formats transparently. +.PP +A frequent cause of problems is attempting to use the \s-1PEM\s0 routines like +this: +.PP +.Vb 2 +\& X509 *x; +\& PEM_read_bio_X509(bp, &x, 0, NULL); +.Ve +this is a bug because an attempt will be made to reuse the data at \fBx\fR +which is an uninitialised pointer. +.SH "PEM ENCRYPTION FORMAT" +.IX Header "PEM ENCRYPTION FORMAT" +This old \fBPrivateKey\fR routines use a non standard technique for encryption. +.PP +The private key (or other data) takes the following form: +.PP +.Vb 3 +\& -----BEGIN RSA PRIVATE KEY----- +\& Proc-Type: 4,ENCRYPTED +\& DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89 +.Ve +.Vb 2 +\& ...base64 encoded data... +\& -----END RSA PRIVATE KEY----- +.Ve +The line beginning DEK-Info contains two comma separated pieces of information: +the encryption algorithm name as used by \fIEVP_get_cipherbyname()\fR and an 8 +byte \fBsalt\fR encoded as a set of hexadecimal digits. +.PP +After this is the base64 encoded encrypted data. +.PP +The encryption key is determined using \fIEVP_bytestokey()\fR, using \fBsalt\fR and an +iteration count of 1. The \s-1IV\s0 used is the value of \fBsalt\fR and *not* the \s-1IV\s0 +returned by \fIEVP_bytestokey()\fR. +.SH "BUGS" +.IX Header "BUGS" +The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse +an existing structure. Therefore the following: +.PP +.Vb 1 +\& PEM_read_bio(bp, &x, 0, NULL); +.Ve +where \fBx\fR already contains a valid certificate, may not work, whereas: +.PP +.Vb 2 +\& X509_free(x); +\& x = PEM_read_bio(bp, NULL, 0, NULL); +.Ve +is guaranteed to work. +.SH "RETURN CODES" +.IX Header "RETURN CODES" +The read routines return either a pointer to the structure read or \s-1NULL\s0 +is an error occurred. +.PP +The write routines return 1 for success or 0 for failure. diff --git a/secure/lib/libcrypto/man/pkcs12.1 b/secure/lib/libcrypto/man/pkcs12.1 deleted file mode 100644 index 4c5b81f..0000000 --- a/secure/lib/libcrypto/man/pkcs12.1 +++ /dev/null @@ -1,429 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:50 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "PKCS12 1" -.TH PKCS12 1 "0.9.6e" "2001-05-19" "OpenSSL" -.UC -.SH "NAME" -pkcs12 \- PKCS#12 file utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBpkcs12\fR -[\fB\-export\fR] -[\fB\-chain\fR] -[\fB\-inkey filename\fR] -[\fB\-certfile filename\fR] -[\fB\-name name\fR] -[\fB\-caname name\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-noout\fR] -[\fB\-nomacver\fR] -[\fB\-nocerts\fR] -[\fB\-clcerts\fR] -[\fB\-cacerts\fR] -[\fB\-nokeys\fR] -[\fB\-info\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-idea\fR] -[\fB\-nodes\fR] -[\fB\-noiter\fR] -[\fB\-maciter\fR] -[\fB\-twopass\fR] -[\fB\-descert\fR] -[\fB\-certpbe\fR] -[\fB\-keypbe\fR] -[\fB\-keyex\fR] -[\fB\-keysig\fR] -[\fB\-password arg\fR] -[\fB\-passin arg\fR] -[\fB\-passout arg\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBpkcs12\fR command allows PKCS#12 files (sometimes referred to as -\&\s-1PFX\s0 files) to be created and parsed. PKCS#12 files are used by several -programs including Netscape, \s-1MSIE\s0 and \s-1MS\s0 Outlook. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -There are a lot of options the meaning of some depends of whether a PKCS#12 file -is being created or parsed. By default a PKCS#12 file is parsed a PKCS#12 -file can be created by using the \fB\-export\fR option (see below). -.SH "PARSING OPTIONS" -.IX Header "PARSING OPTIONS" -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies filename of the PKCS#12 file to be parsed. Standard input is used -by default. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -The filename to write certificates and private keys to, standard output by default. -They are all written in \s-1PEM\s0 format. -.Ip "\fB\-pass arg\fR, \fB\-passin arg\fR" 4 -.IX Item "-pass arg, -passin arg" -the PKCS#12 file (i.e. input file) password source. For more information about the -format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -openssl(1). -.Ip "\fB\-passout arg\fR" 4 -.IX Item "-passout arg" -pass phrase source to encrypt any outputed private keys with. For more information -about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -openssl(1). -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option inhibits output of the keys and certificates to the output file version -of the PKCS#12 file. -.Ip "\fB\-clcerts\fR" 4 -.IX Item "-clcerts" -only output client certificates (not \s-1CA\s0 certificates). -.Ip "\fB\-cacerts\fR" 4 -.IX Item "-cacerts" -only output \s-1CA\s0 certificates (not client certificates). -.Ip "\fB\-nocerts\fR" 4 -.IX Item "-nocerts" -no certificates at all will be output. -.Ip "\fB\-nokeys\fR" 4 -.IX Item "-nokeys" -no private keys will be output. -.Ip "\fB\-info\fR" 4 -.IX Item "-info" -output additional information about the PKCS#12 file structure, algorithms used and -iteration counts. -.Ip "\fB\-des\fR" 4 -.IX Item "-des" -use \s-1DES\s0 to encrypt private keys before outputting. -.Ip "\fB\-des3\fR" 4 -.IX Item "-des3" -use triple \s-1DES\s0 to encrypt private keys before outputting, this is the default. -.Ip "\fB\-idea\fR" 4 -.IX Item "-idea" -use \s-1IDEA\s0 to encrypt private keys before outputting. -.Ip "\fB\-nodes\fR" 4 -.IX Item "-nodes" -don't encrypt the private keys at all. -.Ip "\fB\-nomacver\fR" 4 -.IX Item "-nomacver" -don't attempt to verify the integrity \s-1MAC\s0 before reading the file. -.Ip "\fB\-twopass\fR" 4 -.IX Item "-twopass" -prompt for separate integrity and encryption passwords: most software -always assumes these are the same so this option will render such -PKCS#12 files unreadable. -.SH "FILE CREATION OPTIONS" -.IX Header "FILE CREATION OPTIONS" -.Ip "\fB\-export\fR" 4 -.IX Item "-export" -This option specifies that a PKCS#12 file will be created rather than -parsed. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies filename to write the PKCS#12 file to. Standard output is used -by default. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -The filename to read certificates and private keys from, standard input by default. -They must all be in \s-1PEM\s0 format. The order doesn't matter but one private key and -its corresponding certificate should be present. If additional certificates are -present they will also be included in the PKCS#12 file. -.Ip "\fB\-inkey filename\fR" 4 -.IX Item "-inkey filename" -file to read private key from. If not present then a private key must be present -in the input file. -.Ip "\fB\-name friendlyname\fR" 4 -.IX Item "-name friendlyname" -This specifies the \*(L"friendly name\*(R" for the certificate and private key. This name -is typically displayed in list boxes by software importing the file. -.Ip "\fB\-certfile filename\fR" 4 -.IX Item "-certfile filename" -A filename to read additional certificates from. -.Ip "\fB\-caname friendlyname\fR" 4 -.IX Item "-caname friendlyname" -This specifies the \*(L"friendly name\*(R" for other certificates. This option may be -used multiple times to specify names for all certificates in the order they -appear. Netscape ignores friendly names on other certificates whereas \s-1MSIE\s0 -displays them. -.Ip "\fB\-pass arg\fR, \fB\-passout arg\fR" 4 -.IX Item "-pass arg, -passout arg" -the PKCS#12 file (i.e. output file) password source. For more information about -the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -openssl(1). -.Ip "\fB\-passin password\fR" 4 -.IX Item "-passin password" -pass phrase source to decrypt any input private keys with. For more information -about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in -openssl(1). -.Ip "\fB\-chain\fR" 4 -.IX Item "-chain" -if this option is present then an attempt is made to include the entire -certificate chain of the user certificate. The standard \s-1CA\s0 store is used -for this search. If the search fails it is considered a fatal error. -.Ip "\fB\-descert\fR" 4 -.IX Item "-descert" -encrypt the certificate using triple \s-1DES\s0, this may render the PKCS#12 -file unreadable by some \*(L"export grade\*(R" software. By default the private -key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2\s0. -.Ip "\fB\-keypbe alg\fR, \fB\-certpbe alg\fR" 4 -.IX Item "-keypbe alg, -certpbe alg" -these options allow the algorithm used to encrypt the private key and -certificates to be selected. Although any PKCS#5 v1.5 or PKCS#12 algorithms -can be selected it is advisable only to use PKCS#12 algorithms. See the list -in the \fB\s-1NOTES\s0\fR section for more information. -.Ip "\fB\-keyex|\-keysig\fR" 4 -.IX Item "-keyex|-keysig" -specifies that the private key is to be used for key exchange or just signing. -This option is only interpreted by \s-1MSIE\s0 and similar \s-1MS\s0 software. Normally -\&\*(L"export grade\*(R" software will only allow 512 bit \s-1RSA\s0 keys to be used for -encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR -option marks the key for signing only. Signing only keys can be used for -S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client -authentication, however due to a bug only \s-1MSIE\s0 5.0 and later support -the use of signing only keys for \s-1SSL\s0 client authentication. -.Ip "\fB\-nomaciter\fR, \fB\-noiter\fR" 4 -.IX Item "-nomaciter, -noiter" -these options affect the iteration counts on the \s-1MAC\s0 and key algorithms. -Unless you wish to produce files compatible with \s-1MSIE\s0 4.0 you should leave -these options alone. -.Sp -To discourage attacks by using large dictionaries of common passwords the -algorithm that derives keys from passwords can have an iteration count applied -to it: this causes a certain part of the algorithm to be repeated and slows it -down. The \s-1MAC\s0 is used to check the file integrity but since it will normally -have the same password as the keys and certificates it could also be attacked. -By default both \s-1MAC\s0 and encryption iteration counts are set to 2048, using -these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since -this reduces the file security you should not use these options unless you -really have to. Most software supports both \s-1MAC\s0 and key iteration counts. -\&\s-1MSIE\s0 4.0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR -option. -.Ip "\fB\-maciter\fR" 4 -.IX Item "-maciter" -This option is included for compatibility with previous versions, it used -to be needed to use \s-1MAC\s0 iterations counts but they are now used by default. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.SH "NOTES" -.IX Header "NOTES" -Although there are a large number of options most of them are very rarely -used. For PKCS#12 file parsing only \fB\-in\fR and \fB\-out\fR need to be used -for PKCS#12 file creation \fB\-export\fR and \fB\-name\fR are also used. -.PP -If none of the \fB\-clcerts\fR, \fB\-cacerts\fR or \fB\-nocerts\fR options are present -then all certificates will be output in the order they appear in the input -PKCS#12 files. There is no guarantee that the first certificate present is -the one corresponding to the private key. Certain software which requires -a private key and certificate and assumes the first certificate in the -file is the one corresponding to the private key: this may not always -be the case. Using the \fB\-clcerts\fR option will solve this problem by only -outputing the certificate corresponding to the private key. If the \s-1CA\s0 -certificates are required then they can be output to a separate file using -the \fB\-nokeys \-cacerts\fR options to just output \s-1CA\s0 certificates. -.PP -The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms allow the precise encryption -algorithms for private keys and certificates to be specified. Normally -the defaults are fine but occasionally software can't handle triple \s-1DES\s0 -encrypted private keys, then the option \fB\-keypbe \s-1PBE-SHA1\-RC2\-40\s0\fR can -be used to reduce the private key encryption to 40 bit \s-1RC2\s0. A complete -description of all algorithms is contained in the \fBpkcs8\fR manual page. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Parse a PKCS#12 file and output it to a file: -.PP -.Vb 1 -\& openssl pkcs12 -in file.p12 -out file.pem -.Ve -Output only client certificates to a file: -.PP -.Vb 1 -\& openssl pkcs12 -in file.p12 -clcerts -out file.pem -.Ve -Don't encrypt the private key: -.PP -.Vb 1 -\& openssl pkcs12 -in file.p12 -out file.pem -nodes -.Ve -Print some info about a PKCS#12 file: -.PP -.Vb 1 -\& openssl pkcs12 -in file.p12 -info -noout -.Ve -Create a PKCS#12 file: -.PP -.Vb 1 -\& openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" -.Ve -Include some extra certificates: -.PP -.Vb 2 -\& openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \e -\& -certfile othercerts.pem -.Ve -.SH "BUGS" -.IX Header "BUGS" -Some would argue that the PKCS#12 standard is one big bug :\-) -.PP -Versions of OpenSSL before 0.9.6a had a bug in the PKCS#12 key generation -routines. Under rare circumstances this could produce a PKCS#12 file encrypted -with an invalid key. As a result some PKCS#12 files which triggered this bug -from other implementations (\s-1MSIE\s0 or Netscape) could not be decrypted -by OpenSSL and similarly OpenSSL could produce PKCS#12 files which could -not be decrypted by other implementations. The chances of producing such -a file are relatively small: less than 1 in 256. -.PP -A side effect of fixing this bug is that any old invalidly encrypted PKCS#12 -files cannot no longer be parsed by the fixed version. Under such circumstances -the \fBpkcs12\fR utility will report that the \s-1MAC\s0 is \s-1OK\s0 but fail with a decryption -error when extracting private keys. -.PP -This problem can be resolved by extracting the private keys and certificates -from the PKCS#12 file using an older version of OpenSSL and recreating the PKCS#12 -file from the keys and certificates using a newer version of OpenSSL. For example: -.PP -.Vb 2 -\& old-openssl -in bad.p12 -out keycerts.pem -\& openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12 -.Ve -.SH "SEE ALSO" -.IX Header "SEE ALSO" -pkcs8(1) diff --git a/secure/lib/libcrypto/man/pkcs7.1 b/secure/lib/libcrypto/man/pkcs7.1 deleted file mode 100644 index e7a89ad..0000000 --- a/secure/lib/libcrypto/man/pkcs7.1 +++ /dev/null @@ -1,223 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:50 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "PKCS7 1" -.TH PKCS7 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -pkcs7 \- PKCS#7 utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBpkcs7\fR -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-print_certs\fR] -[\fB\-text\fR] -[\fB\-noout\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBpkcs7\fR command processes PKCS#7 files in \s-1DER\s0 or \s-1PEM\s0 format. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded PKCS#7 -v1.5 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of -the \s-1DER\s0 form with header and footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read from or standard input if this -option is not specified. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -specifies the output filename to write to or standard output by -default. -.Ip "\fB\-print_certs\fR" 4 -.IX Item "-print_certs" -prints out any certificates or CRLs contained in the file. They are -preceded by their subject and issuer names in one line format. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -prints out certificates details in full rather than just subject and -issuer names. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -don't output the encoded version of the PKCS#7 structure (or certificates -is \fB\-print_certs\fR is set). -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Convert a PKCS#7 file from \s-1PEM\s0 to \s-1DER:\s0 -.PP -.Vb 1 -\& openssl pkcs7 -in file.pem -outform DER -out file.der -.Ve -Output all certificates in a file: -.PP -.Vb 1 -\& openssl pkcs7 -in file.pem -print_certs -out certs.pem -.Ve -.SH "NOTES" -.IX Header "NOTES" -The \s-1PEM\s0 PKCS#7 format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN PKCS7----- -\& -----END PKCS7----- -.Ve -For compatability with some CAs it will also accept: -.PP -.Vb 2 -\& -----BEGIN CERTIFICATE----- -\& -----END CERTIFICATE----- -.Ve -.SH "RESTRICTIONS" -.IX Header "RESTRICTIONS" -There is no option to print out all the fields of a PKCS#7 file. -.PP -This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0 they -cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630\s0. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -crl2pkcs7(1) diff --git a/secure/lib/libcrypto/man/pkcs8.1 b/secure/lib/libcrypto/man/pkcs8.1 deleted file mode 100644 index 110df1a..0000000 --- a/secure/lib/libcrypto/man/pkcs8.1 +++ /dev/null @@ -1,348 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:51 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "PKCS8 1" -.TH PKCS8 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -pkcs8 \- PKCS#8 format private key conversion tool -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBpkcs8\fR -[\fB\-topk8\fR] -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-passin arg\fR] -[\fB\-out filename\fR] -[\fB\-passout arg\fR] -[\fB\-noiter\fR] -[\fB\-nocrypt\fR] -[\fB\-nooct\fR] -[\fB\-embed\fR] -[\fB\-nsdb\fR] -[\fB\-v2 alg\fR] -[\fB\-v1 alg\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBpkcs8\fR command processes private keys in PKCS#8 format. It can handle -both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo -format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-topk8\fR" 4 -.IX Item "-topk8" -Normally a PKCS#8 private key is expected on input and a traditional format -private key will be written. With the \fB\-topk8\fR option the situation is -reversed: it reads a traditional format private key and writes a PKCS#8 -format key. -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. If a PKCS#8 format key is expected on input -then either a \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR encoded version of a PKCS#8 key will be -expected. Otherwise the \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR format of the traditional format -private key is used. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read a key from or standard input if this -option is not specified. If the key is encrypted a pass phrase will be -prompted for. -.Ip "\fB\-passin arg\fR" 4 -.IX Item "-passin arg" -the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename to write a key to or standard output by -default. If any encryption options are set then a pass phrase will be -prompted for. The output filename should \fBnot\fR be the same as the input -filename. -.Ip "\fB\-passout arg\fR" 4 -.IX Item "-passout arg" -the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-nocrypt\fR" 4 -.IX Item "-nocrypt" -PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo -structures using an appropriate password based encryption algorithm. With -this option an unencrypted PrivateKeyInfo structure is expected or output. -This option does not encrypt private keys at all and should only be used -when absolutely necessary. Certain software such as some versions of Java -code signing software used unencrypted private keys. -.Ip "\fB\-nooct\fR" 4 -.IX Item "-nooct" -This option generates \s-1RSA\s0 private keys in a broken format that some software -uses. Specifically the private key should be enclosed in a \s-1OCTET\s0 \s-1STRING\s0 -but some software just includes the structure itself without the -surrounding \s-1OCTET\s0 \s-1STRING\s0. -.Ip "\fB\-embed\fR" 4 -.IX Item "-embed" -This option generates \s-1DSA\s0 keys in a broken format. The \s-1DSA\s0 parameters are -embedded inside the PrivateKey structure. In this form the \s-1OCTET\s0 \s-1STRING\s0 -contains an \s-1ASN1\s0 \s-1SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing -the parameters and an \s-1ASN1\s0 \s-1INTEGER\s0 containing the private key. -.Ip "\fB\-nsdb\fR" 4 -.IX Item "-nsdb" -This option generates \s-1DSA\s0 keys in a broken format compatible with Netscape -private key databases. The PrivateKey contains a \s-1SEQUENCE\s0 consisting of -the public and private keys respectively. -.Ip "\fB\-v2 alg\fR" 4 -.IX Item "-v2 alg" -This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8 -private keys are encrypted with the password based encryption algorithm -called \fBpbeWithMD5AndDES-CBC\fR this uses 56 bit \s-1DES\s0 encryption but it -was the strongest encryption algorithm supported in PKCS#5 v1.5. Using -the \fB\-v2\fR option PKCS#5 v2.0 algorithms are used which can use any -encryption algorithm such as 168 bit triple \s-1DES\s0 or 128 bit \s-1RC2\s0 however -not many implementations support PKCS#5 v2.0 yet. If you are just using -private keys with OpenSSL then this doesn't matter. -.Sp -The \fBalg\fR argument is the encryption algorithm to use, valid values include -\&\fBdes\fR, \fBdes3\fR and \fBrc2\fR. It is recommended that \fBdes3\fR is used. -.Ip "\fB\-v1 alg\fR" 4 -.IX Item "-v1 alg" -This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete -list of possible algorithms is included below. -.SH "NOTES" -.IX Header "NOTES" -The encrypted form of a \s-1PEM\s0 encode PKCS#8 files uses the following -headers and footers: -.PP -.Vb 2 -\& -----BEGIN ENCRYPTED PRIVATE KEY----- -\& -----END ENCRYPTED PRIVATE KEY----- -.Ve -The unencrypted form uses: -.PP -.Vb 2 -\& -----BEGIN PRIVATE KEY----- -\& -----END PRIVATE KEY----- -.Ve -Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration -counts are more secure that those encrypted using the traditional -SSLeay compatible formats. So if additional security is considered -important the keys should be converted. -.PP -The default encryption is only 56 bits because this is the encryption -that most current implementations of PKCS#8 will support. -.PP -Some software may use PKCS#12 password based encryption algorithms -with PKCS#8 format private keys: these are handled automatically -but there is no option to produce them. -.PP -It is possible to write out \s-1DER\s0 encoded encrypted private keys in -PKCS#8 format because the encryption details are included at an \s-1ASN1\s0 -level whereas the traditional format includes them at a \s-1PEM\s0 level. -.SH "PKCS#5 v1.5 and PKCS#12 algorithms." -.IX Header "PKCS#5 v1.5 and PKCS#12 algorithms." -Various algorithms can be used with the \fB\-v1\fR command line option, -including PKCS#5 v1.5 and PKCS#12. These are described in more detail -below. -.Ip "\fB\s-1PBE-MD2\-DES\s0 \s-1PBE-MD5\-DES\s0\fR" 4 -.IX Item "PBE-MD2-DES PBE-MD5-DES" -These algorithms were included in the original PKCS#5 v1.5 specification. -They only offer 56 bits of protection since they both use \s-1DES\s0. -.Ip "\fB\s-1PBE-SHA1\-RC2\-64\s0 \s-1PBE-MD2\-RC2\-64\s0 \s-1PBE-MD5\-RC2\-64\s0 \s-1PBE-SHA1\-DES\s0\fR" 4 -.IX Item "PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES" -These algorithms are not mentioned in the original PKCS#5 v1.5 specification -but they use the same key derivation algorithm and are supported by some -software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or -56 bit \s-1DES\s0. -.Ip "\fB\s-1PBE-SHA1\-RC4\-128\s0 \s-1PBE-SHA1\-RC4\-40\s0 \s-1PBE-SHA1\-3DES\s0 \s-1PBE-SHA1\-2DES\s0 \s-1PBE-SHA1\-RC2\-128\s0 \s-1PBE-SHA1\-RC2\-40\s0\fR" 4 -.IX Item "PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40" -These algorithms use the PKCS#12 password based encryption algorithm and -allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Convert a private from traditional to PKCS#5 v2.0 format using triple -\&\s-1DES:\s0 -.PP -.Vb 1 -\& openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem -.Ve -Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm -(\s-1DES\s0): -.PP -.Vb 1 -\& openssl pkcs8 -in key.pem -topk8 -out enckey.pem -.Ve -Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm -(3DES): -.PP -.Vb 1 -\& openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES -.Ve -Read a \s-1DER\s0 unencrypted PKCS#8 format private key: -.PP -.Vb 1 -\& openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem -.Ve -Convert a private key from any PKCS#8 format to traditional format: -.PP -.Vb 1 -\& openssl pkcs8 -in pk8.pem -out key.pem -.Ve -.SH "STANDARDS" -.IX Header "STANDARDS" -Test vectors from this PKCS#5 v2.0 implementation were posted to the -pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration -counts, several people confirmed that they could decrypt the private -keys produced and Therefore it can be assumed that the PKCS#5 v2.0 -implementation is reasonably accurate at least as far as these -algorithms are concerned. -.PP -The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented: -it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0 -PKCS#8 private key format complies with this standard. -.SH "BUGS" -.IX Header "BUGS" -There should be an option that prints out the encryption algorithm -in use and other details such as the iteration count. -.PP -PKCS#8 using triple \s-1DES\s0 and PKCS#5 v2.0 should be the default private -key format for OpenSSL: for compatibility several of the utilities use -the old format at present. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -dsa(1), rsa(1), genrsa(1), -gendsa(1) diff --git a/secure/lib/libcrypto/man/rand.1 b/secure/lib/libcrypto/man/rand.1 deleted file mode 100644 index b9f16e5..0000000 --- a/secure/lib/libcrypto/man/rand.1 +++ /dev/null @@ -1,177 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:52 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "RAND 1" -.TH RAND 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -rand \- generate pseudo-random bytes -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl rand\fR -[\fB\-out\fR \fIfile\fR] -[\fB\-rand\fR \fI\fIfile\fI\|(s)\fR] -[\fB\-base64\fR] -\&\fInum\fR -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBrand\fR command outputs \fInum\fR pseudo-random bytes after seeding -the random number generater once. As in other \fBopenssl\fR command -line tools, \s-1PRNG\s0 seeding uses the file \fI$HOME/\fR\fB.rnd\fR or \fB.rnd\fR -in addition to the files given in the \fB\-rand\fR option. A new -\&\fI$HOME\fR/\fB.rnd\fR or \fB.rnd\fR file will be written back if enough -seeding was obtained from these sources. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-out\fR \fIfile\fR" 4 -.IX Item "-out file" -Write to \fIfile\fR instead of standard output. -.Ip "\fB\-rand\fR \fI\fIfile\fI\|(s)\fR" 4 -.IX Item "-rand file" -Use specified file or files or \s-1EGD\s0 socket (see RAND_egd(3)) -for seeding the random number generator. -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fB\-base64\fR" 4 -.IX Item "-base64" -Perform base64 encoding on the output. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -RAND_bytes(3) diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3 index 6f211bf..8010fbb 100644 --- a/secure/lib/libcrypto/man/rand.3 +++ b/secure/lib/libcrypto/man/rand.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:09 2002 +.\" Mon Jan 13 19:29:28 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "rand 3" -.TH rand 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH rand 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" rand \- pseudo-random number generator @@ -147,15 +147,17 @@ rand \- pseudo-random number generator .Vb 1 \& #include <openssl/rand.h> .Ve +.Vb 1 +\& int RAND_set_rand_engine(ENGINE *engine); +.Ve .Vb 2 \& int RAND_bytes(unsigned char *buf, int num); \& int RAND_pseudo_bytes(unsigned char *buf, int num); .Ve -.Vb 4 +.Vb 3 \& void RAND_seed(const void *buf, int num); \& void RAND_add(const void *buf, int num, int entropy); \& int RAND_status(void); -\& void RAND_screen(void); .Ve .Vb 3 \& int RAND_load_file(const char *file, long max_bytes); @@ -166,15 +168,33 @@ rand \- pseudo-random number generator \& int RAND_egd(const char *path); .Ve .Vb 3 -\& void RAND_set_rand_method(RAND_METHOD *meth); -\& RAND_METHOD *RAND_get_rand_method(void); +\& void RAND_set_rand_method(const RAND_METHOD *meth); +\& const RAND_METHOD *RAND_get_rand_method(void); \& RAND_METHOD *RAND_SSLeay(void); .Ve .Vb 1 \& void RAND_cleanup(void); .Ve +.Vb 3 +\& /* For Win32 only */ +\& void RAND_screen(void); +\& int RAND_event(UINT, WPARAM, LPARAM); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" +Since the introduction of the \s-1ENGINE\s0 \s-1API\s0, the recommended way of controlling +default implementations is by using the \s-1ENGINE\s0 \s-1API\s0 functions. The default +\&\fB\s-1RAND_METHOD\s0\fR, as set by \fIRAND_set_rand_method()\fR and returned by +\&\fIRAND_get_rand_method()\fR, is only used if no \s-1ENGINE\s0 has been set as the default +\&\*(L"rand\*(R" implementation. Hence, these two functions are no longer the recommened +way to control defaults. +.PP +If an alternative \fB\s-1RAND_METHOD\s0\fR implementation is being used (either set +directly or as provided by an \s-1ENGINE\s0 module), then it is entirely responsible +for the generation and management of a cryptographically secure \s-1PRNG\s0 stream. The +mechanisms described below relate solely to the software \s-1PRNG\s0 implementation +built in to OpenSSL and used by default. +.PP These functions implement a cryptographically secure pseudo-random number generator (\s-1PRNG\s0). It is used by other library functions for example to generate random keys, and applications can use it when they diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3 index 8ff5347..6f9c522 100644 --- a/secure/lib/libcrypto/man/rc4.3 +++ b/secure/lib/libcrypto/man/rc4.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:09 2002 +.\" Mon Jan 13 19:29:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "rc4 3" -.TH rc4 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH rc4 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RC4_set_key, \s-1RC4\s0 \- \s-1RC4\s0 encryption diff --git a/secure/lib/libcrypto/man/req.1 b/secure/lib/libcrypto/man/req.1 deleted file mode 100644 index 9915eea..0000000 --- a/secure/lib/libcrypto/man/req.1 +++ /dev/null @@ -1,646 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:52 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "REQ 1" -.TH REQ 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -req \- PKCS#10 certificate and certificate generating utility. -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBreq\fR -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-passin arg\fR] -[\fB\-out filename\fR] -[\fB\-passout arg\fR] -[\fB\-text\fR] -[\fB\-noout\fR] -[\fB\-verify\fR] -[\fB\-modulus\fR] -[\fB\-new\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -[\fB\-newkey rsa:bits\fR] -[\fB\-newkey dsa:file\fR] -[\fB\-nodes\fR] -[\fB\-key filename\fR] -[\fB\-keyform PEM|DER\fR] -[\fB\-keyout filename\fR] -[\fB\-[md5|sha1|md2|mdc2]\fR] -[\fB\-config filename\fR] -[\fB\-x509\fR] -[\fB\-days n\fR] -[\fB\-asn1\-kludge\fR] -[\fB\-newhdr\fR] -[\fB\-extensions section\fR] -[\fB\-reqexts section\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBreq\fR command primarily creates and processes certificate requests -in PKCS#10 format. It can additionally create self signed certificates -for use as root CAs for example. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -form compatible with the PKCS#10. The \fB\s-1PEM\s0\fR form is the default format: it -consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and -footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read a request from or standard input -if this option is not specified. A request is only read if the creation -options (\fB\-new\fR and \fB\-newkey\fR) are not specified. -.Ip "\fB\-passin arg\fR" 4 -.IX Item "-passin arg" -the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename to write to or standard output by -default. -.Ip "\fB\-passout arg\fR" 4 -.IX Item "-passout arg" -the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -prints out the certificate request in text form. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option prevents output of the encoded version of the request. -.Ip "\fB\-modulus\fR" 4 -.IX Item "-modulus" -this option prints out the value of the modulus of the public key -contained in the request. -.Ip "\fB\-verify\fR" 4 -.IX Item "-verify" -verifies the signature on the request. -.Ip "\fB\-new\fR" 4 -.IX Item "-new" -this option generates a new certificate request. It will prompt -the user for the relevant field values. The actual fields -prompted for and their maximum and minimum sizes are specified -in the configuration file and any requested extensions. -.Sp -If the \fB\-key\fR option is not used it will generate a new \s-1RSA\s0 private -key using information specified in the configuration file. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fB\-newkey arg\fR" 4 -.IX Item "-newkey arg" -this option creates a new certificate request and a new private -key. The argument takes one of two forms. \fBrsa:nbits\fR, where -\&\fBnbits\fR is the number of bits, generates an \s-1RSA\s0 key \fBnbits\fR -in size. \fBdsa:filename\fR generates a \s-1DSA\s0 key using the parameters -in the file \fBfilename\fR. -.Ip "\fB\-key filename\fR" 4 -.IX Item "-key filename" -This specifies the file to read the private key from. It also -accepts PKCS#8 format private keys for \s-1PEM\s0 format files. -.Ip "\fB\-keyform PEM|DER\fR" 4 -.IX Item "-keyform PEM|DER" -the format of the private key file specified in the \fB\-key\fR -argument. \s-1PEM\s0 is the default. -.Ip "\fB\-keyout filename\fR" 4 -.IX Item "-keyout filename" -this gives the filename to write the newly created private key to. -If this option is not specified then the filename present in the -configuration file is used. -.Ip "\fB\-nodes\fR" 4 -.IX Item "-nodes" -if this option is specified then if a private key is created it -will not be encrypted. -.Ip "\fB\-[md5|sha1|md2|mdc2]\fR" 4 -.IX Item "-[md5|sha1|md2|mdc2]" -this specifies the message digest to sign the request with. This -overrides the digest algorithm specified in the configuration file. -This option is ignored for \s-1DSA\s0 requests: they always use \s-1SHA1\s0. -.Ip "\fB\-config filename\fR" 4 -.IX Item "-config filename" -this allows an alternative configuration file to be specified, -this overrides the compile time filename or any specified in -the \fB\s-1OPENSSL_CONF\s0\fR environment variable. -.Ip "\fB\-x509\fR" 4 -.IX Item "-x509" -this option outputs a self signed certificate instead of a certificate -request. This is typically used to generate a test certificate or -a self signed root \s-1CA\s0. The extensions added to the certificate -(if any) are specified in the configuration file. -.Ip "\fB\-days n\fR" 4 -.IX Item "-days n" -when the \fB\-x509\fR option is being used this specifies the number of -days to certify the certificate for. The default is 30 days. -.Ip "\fB\-extensions section\fR" 4 -.IX Item "-extensions section" -.PD 0 -.Ip "\fB\-reqexts section\fR" 4 -.IX Item "-reqexts section" -.PD -these options specify alternative sections to include certificate -extensions (if the \fB\-x509\fR option is present) or certificate -request extensions. This allows several different sections to -be used in the same configuration file to specify requests for -a variety of purposes. -.Ip "\fB\-asn1\-kludge\fR" 4 -.IX Item "-asn1-kludge" -by default the \fBreq\fR command outputs certificate requests containing -no attributes in the correct PKCS#10 format. However certain CAs will only -accept requests containing no attributes in an invalid form: this -option produces this invalid format. -.Sp -More precisely the \fBAttributes\fR in a PKCS#10 certificate request -are defined as a \fB\s-1SET\s0 \s-1OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so -if no attributes are present then they should be encoded as an -empty \fB\s-1SET\s0 \s-1OF\s0\fR. The invalid form does not include the empty -\&\fB\s-1SET\s0 \s-1OF\s0\fR whereas the correct form does. -.Sp -It should be noted that very few CAs still require the use of this option. -.Ip "\fB\-newhdr\fR" 4 -.IX Item "-newhdr" -Adds the word \fB\s-1NEW\s0\fR to the \s-1PEM\s0 file header and footer lines on the outputed -request. Some software (Netscape certificate server) and some CAs need this. -.SH "CONFIGURATION FILE FORMAT" -.IX Header "CONFIGURATION FILE FORMAT" -The configuration options are specified in the \fBreq\fR section of -the configuration file. As with all configuration files if no -value is specified in the specific section (i.e. \fBreq\fR) then -the initial unnamed or \fBdefault\fR section is searched too. -.PP -The options available are described in detail below. -.Ip "\fBinput_password output_password\fR" 4 -.IX Item "input_password output_password" -The passwords for the input private key file (if present) and -the output private key file (if one will be created). The -command line options \fBpassin\fR and \fBpassout\fR override the -configuration file values. -.Ip "\fBdefault_bits\fR" 4 -.IX Item "default_bits" -This specifies the default key size in bits. If not specified then -512 is used. It is used if the \fB\-new\fR option is used. It can be -overridden by using the \fB\-newkey\fR option. -.Ip "\fBdefault_keyfile\fR" 4 -.IX Item "default_keyfile" -This is the default filename to write a private key to. If not -specified the key is written to standard output. This can be -overridden by the \fB\-keyout\fR option. -.Ip "\fBoid_file\fR" 4 -.IX Item "oid_file" -This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. -Each line of the file should consist of the numerical form of the -object identifier followed by white space then the short name followed -by white space and finally the long name. -.Ip "\fBoid_section\fR" 4 -.IX Item "oid_section" -This specifies a section in the configuration file containing extra -object identifiers. Each line should consist of the short name of the -object identifier followed by \fB=\fR and the numerical form. The short -and long names are the same when this option is used. -.Ip "\fB\s-1RANDFILE\s0\fR" 4 -.IX Item "RANDFILE" -This specifies a filename in which random number seed information is -placed and read from, or an \s-1EGD\s0 socket (see RAND_egd(3)). -It is used for private key generation. -.Ip "\fBencrypt_key\fR" 4 -.IX Item "encrypt_key" -If this is set to \fBno\fR then if a private key is generated it is -\&\fBnot\fR encrypted. This is equivalent to the \fB\-nodes\fR command line -option. For compatibility \fBencrypt_rsa_key\fR is an equivalent option. -.Ip "\fBdefault_md\fR" 4 -.IX Item "default_md" -This option specifies the digest algorithm to use. Possible values -include \fBmd5 sha1 mdc2\fR. If not present then \s-1MD5\s0 is used. This -option can be overridden on the command line. -.Ip "\fBstring_mask\fR" 4 -.IX Item "string_mask" -This option masks out the use of certain string types in certain -fields. Most users will not need to change this option. -.Sp -It can be set to several values \fBdefault\fR which is also the default -option uses PrintableStrings, T61Strings and BMPStrings if the -\&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will -be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0. If the -\&\fButf8only\fR option is used then only UTF8Strings will be used: this -is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR -option just uses PrintableStrings and T61Strings: certain software has -problems with BMPStrings and UTF8Strings: in particular Netscape. -.Ip "\fBreq_extensions\fR" 4 -.IX Item "req_extensions" -this specifies the configuration file section containing a list of -extensions to add to the certificate request. It can be overridden -by the \fB\-reqexts\fR command line switch. -.Ip "\fBx509_extensions\fR" 4 -.IX Item "x509_extensions" -this specifies the configuration file section containing a list of -extensions to add to certificate generated when the \fB\-x509\fR switch -is used. It can be overridden by the \fB\-extensions\fR command line switch. -.Ip "\fBprompt\fR" 4 -.IX Item "prompt" -if set to the value \fBno\fR this disables prompting of certificate fields -and just takes values from the config file directly. It also changes the -expected format of the \fBdistinguished_name\fR and \fBattributes\fR sections. -.Ip "\fBattributes\fR" 4 -.IX Item "attributes" -this specifies the section containing any request attributes: its format -is the same as \fBdistinguished_name\fR. Typically these may contain the -challengePassword or unstructuredName types. They are currently ignored -by OpenSSL's request signing utilities but some CAs might want them. -.Ip "\fBdistinguished_name\fR" 4 -.IX Item "distinguished_name" -This specifies the section containing the distinguished name fields to -prompt for when generating a certificate or certificate request. The format -is described in the next section. -.SH "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" -.IX Header "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" -There are two separate formats for the distinguished name and attribute -sections. If the \fBprompt\fR option is set to \fBno\fR then these sections -just consist of field names and values: for example, -.PP -.Vb 3 -\& CN=My Name -\& OU=My Organization -\& emailAddress=someone@somewhere.org -.Ve -This allows external programs (e.g. \s-1GUI\s0 based) to generate a template file -with all the field names and values and just pass it to \fBreq\fR. An example -of this kind of configuration file is contained in the \fB\s-1EXAMPLES\s0\fR section. -.PP -Alternatively if the \fBprompt\fR option is absent or not set to \fBno\fR then the -file contains field prompting information. It consists of lines of the form: -.PP -.Vb 4 -\& fieldName="prompt" -\& fieldName_default="default field value" -\& fieldName_min= 2 -\& fieldName_max= 4 -.Ve -\&\*(L"fieldName\*(R" is the field name being used, for example commonName (or \s-1CN\s0). -The \*(L"prompt\*(R" string is used to ask the user to enter the relevant -details. If the user enters nothing then the default value is used if no -default value is present then the field is omitted. A field can -still be omitted if a default value is present if the user just -enters the '.' character. -.PP -The number of characters entered must be between the fieldName_min and -fieldName_max limits: there may be additional restrictions based -on the field being used (for example countryName can only ever be -two characters long and must fit in a PrintableString). -.PP -Some fields (such as organizationName) can be used more than once -in a \s-1DN\s0. This presents a problem because configuration files will -not recognize the same name occurring twice. To avoid this problem -if the fieldName contains some characters followed by a full stop -they will be ignored. So for example a second organizationName can -be input by calling it \*(L"1.organizationName\*(R". -.PP -The actual permitted field names are any object identifier short or -long names. These are compiled into OpenSSL and include the usual -values such as commonName, countryName, localityName, organizationName, -organizationUnitName, stateOrPrivinceName. Additionally emailAddress -is include as well as name, surname, givenName initials and dnQualifier. -.PP -Additional object identifiers can be defined with the \fBoid_file\fR or -\&\fBoid_section\fR options in the configuration file. Any additional fields -will be treated as though they were a DirectoryString. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Examine and verify certificate request: -.PP -.Vb 1 -\& openssl req -in req.pem -text -verify -noout -.Ve -Create a private key and then generate a certificate request from it: -.PP -.Vb 2 -\& openssl genrsa -out key.pem 1024 -\& openssl req -new -key key.pem -out req.pem -.Ve -The same but just using req: -.PP -.Vb 1 -\& openssl req -newkey rsa:1024 -keyout key.pem -out req.pem -.Ve -Generate a self signed root certificate: -.PP -.Vb 1 -\& openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem -.Ve -Example of a file pointed to by the \fBoid_file\fR option: -.PP -.Vb 2 -\& 1.2.3.4 shortName A longer Name -\& 1.2.3.6 otherName Other longer Name -.Ve -Example of a section pointed to by \fBoid_section\fR making use of variable -expansion: -.PP -.Vb 2 -\& testoid1=1.2.3.5 -\& testoid2=${testoid1}.6 -.Ve -Sample configuration file prompting for field values: -.PP -.Vb 6 -\& [ req ] -\& default_bits = 1024 -\& default_keyfile = privkey.pem -\& distinguished_name = req_distinguished_name -\& attributes = req_attributes -\& x509_extensions = v3_ca -.Ve -.Vb 1 -\& dirstring_type = nobmp -.Ve -.Vb 5 -\& [ req_distinguished_name ] -\& countryName = Country Name (2 letter code) -\& countryName_default = AU -\& countryName_min = 2 -\& countryName_max = 2 -.Ve -.Vb 1 -\& localityName = Locality Name (eg, city) -.Ve -.Vb 1 -\& organizationalUnitName = Organizational Unit Name (eg, section) -.Ve -.Vb 2 -\& commonName = Common Name (eg, YOUR name) -\& commonName_max = 64 -.Ve -.Vb 2 -\& emailAddress = Email Address -\& emailAddress_max = 40 -.Ve -.Vb 4 -\& [ req_attributes ] -\& challengePassword = A challenge password -\& challengePassword_min = 4 -\& challengePassword_max = 20 -.Ve -.Vb 1 -\& [ v3_ca ] -.Ve -.Vb 3 -\& subjectKeyIdentifier=hash -\& authorityKeyIdentifier=keyid:always,issuer:always -\& basicConstraints = CA:true -.Ve -Sample configuration containing all field values: -.PP -.Vb 1 -\& RANDFILE = $ENV::HOME/.rnd -.Ve -.Vb 7 -\& [ req ] -\& default_bits = 1024 -\& default_keyfile = keyfile.pem -\& distinguished_name = req_distinguished_name -\& attributes = req_attributes -\& prompt = no -\& output_password = mypass -.Ve -.Vb 8 -\& [ req_distinguished_name ] -\& C = GB -\& ST = Test State or Province -\& L = Test Locality -\& O = Organization Name -\& OU = Organizational Unit Name -\& CN = Common Name -\& emailAddress = test@email.address -.Ve -.Vb 2 -\& [ req_attributes ] -\& challengePassword = A challenge password -.Ve -.SH "NOTES" -.IX Header "NOTES" -The header and footer lines in the \fB\s-1PEM\s0\fR format are normally: -.PP -.Vb 2 -\& -----BEGIN CERTIFICATE REQUEST---- -\& -----END CERTIFICATE REQUEST---- -.Ve -some software (some versions of Netscape certificate server) instead needs: -.PP -.Vb 2 -\& -----BEGIN NEW CERTIFICATE REQUEST---- -\& -----END NEW CERTIFICATE REQUEST---- -.Ve -which is produced with the \fB\-newhdr\fR option but is otherwise compatible. -Either form is accepted transparently on input. -.PP -The certificate requests generated by \fBXenroll\fR with \s-1MSIE\s0 have extensions -added. It includes the \fBkeyUsage\fR extension which determines the type of -key (signature only or general purpose) and any additional OIDs entered -by the script in an extendedKeyUsage extension. -.SH "DIAGNOSTICS" -.IX Header "DIAGNOSTICS" -The following messages are frequently asked about: -.PP -.Vb 2 -\& Using configuration from /some/path/openssl.cnf -\& Unable to load config info -.Ve -This is followed some time later by... -.PP -.Vb 2 -\& unable to find 'distinguished_name' in config -\& problems making Certificate Request -.Ve -The first error message is the clue: it can't find the configuration -file! Certain operations (like examining a certificate request) don't -need a configuration file so its use isn't enforced. Generation of -certificates or requests however does need a configuration file. This -could be regarded as a bug. -.PP -Another puzzling message is this: -.PP -.Vb 2 -\& Attributes: -\& a0:00 -.Ve -this is displayed when no attributes are present and the request includes -the correct empty \fB\s-1SET\s0 \s-1OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0 -0x00). If you just see: -.PP -.Vb 1 -\& Attributes: -.Ve -then the \fB\s-1SET\s0 \s-1OF\s0\fR is missing and the encoding is technically invalid (but -it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR -for more information. -.SH "ENVIRONMENT VARIABLES" -.IX Header "ENVIRONMENT VARIABLES" -The variable \fB\s-1OPENSSL_CONF\s0\fR if defined allows an alternative configuration -file location to be specified, it will be overridden by the \fB\-config\fR command -line switch if it is present. For compatibility reasons the \fB\s-1SSLEAY_CONF\s0\fR -environment variable serves the same purpose but its use is discouraged. -.SH "BUGS" -.IX Header "BUGS" -OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively -treats them as \s-1ISO-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour. -This can cause problems if you need characters that aren't available in -PrintableStrings and you don't want to or can't use BMPStrings. -.PP -As a consequence of the T61String handling the only correct way to represent -accented characters in OpenSSL is to use a BMPString: unfortunately Netscape -currently chokes on these. If you have to use accented characters with Netscape -and \s-1MSIE\s0 then you currently need to use the invalid T61String form. -.PP -The current prompting is not very friendly. It doesn't allow you to confirm what -you've just entered. Other things like extensions in certificate requests are -statically defined in the configuration file. Some of these: like an email -address in subjectAltName should be input by the user. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -x509(1), ca(1), genrsa(1), -gendsa(1), config(5) diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3 index a8ba8e2..507da0c 100644 --- a/secure/lib/libcrypto/man/ripemd.3 +++ b/secure/lib/libcrypto/man/ripemd.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:10 2002 +.\" Mon Jan 13 19:29:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ripemd 3" -.TH ripemd 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ripemd 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1RIPEMD160\s0, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- diff --git a/secure/lib/libcrypto/man/rsa.1 b/secure/lib/libcrypto/man/rsa.1 deleted file mode 100644 index 560c144..0000000 --- a/secure/lib/libcrypto/man/rsa.1 +++ /dev/null @@ -1,301 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:53 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "RSA 1" -.TH RSA 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -rsa \- \s-1RSA\s0 key processing tool -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBrsa\fR -[\fB\-inform PEM|NET|DER\fR] -[\fB\-outform PEM|NET|DER\fR] -[\fB\-in filename\fR] -[\fB\-passin arg\fR] -[\fB\-out filename\fR] -[\fB\-passout arg\fR] -[\fB\-sgckey\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-idea\fR] -[\fB\-text\fR] -[\fB\-noout\fR] -[\fB\-modulus\fR] -[\fB\-check\fR] -[\fB\-pubin\fR] -[\fB\-pubout\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBrsa\fR command processes \s-1RSA\s0 keys. They can be converted between various -forms and their components printed out. \fBNote\fR this command uses the -traditional SSLeay compatible format for private key encryption: newer -applications should use the more secure PKCS#8 format using the \fBpkcs8\fR -utility. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-inform DER|NET|PEM\fR" 4 -.IX Item "-inform DER|NET|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. -The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 -encoded with additional header and footer lines. On input PKCS#8 format private -keys are also accepted. The \fB\s-1NET\s0\fR form is a format is described in the \fB\s-1NOTES\s0\fR -section. -.Ip "\fB\-outform DER|NET|PEM\fR" 4 -.IX Item "-outform DER|NET|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read a key from or standard input if this -option is not specified. If the key is encrypted a pass phrase will be -prompted for. -.Ip "\fB\-passin arg\fR" 4 -.IX Item "-passin arg" -the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename to write a key to or standard output if this -option is not specified. If any encryption options are set then a pass phrase -will be prompted for. The output filename should \fBnot\fR be the same as the input -filename. -.Ip "\fB\-passout password\fR" 4 -.IX Item "-passout password" -the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-sgckey\fR" 4 -.IX Item "-sgckey" -use the modified \s-1NET\s0 algorithm used with some versions of Microsoft \s-1IIS\s0 and \s-1SGC\s0 -keys. -.Ip "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. -If none of these options is specified the key is written in plain text. This -means that using the \fBrsa\fR utility to read in an encrypted key with no -encryption option can be used to remove the pass phrase from a key, or by -setting the encryption options it can be use to add or change the pass phrase. -These options can only be used with \s-1PEM\s0 format output files. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -prints out the various public or private key components in -plain text in addition to the encoded version. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option prevents output of the encoded version of the key. -.Ip "\fB\-modulus\fR" 4 -.IX Item "-modulus" -this option prints out the value of the modulus of the key. -.Ip "\fB\-check\fR" 4 -.IX Item "-check" -this option checks the consistency of an \s-1RSA\s0 private key. -.Ip "\fB\-pubin\fR" 4 -.IX Item "-pubin" -by default a private key is read from the input file: with this -option a public key is read instead. -.Ip "\fB\-pubout\fR" 4 -.IX Item "-pubout" -by default a private key is output: with this option a public -key will be output instead. This option is automatically set if -the input is a public key. -.SH "NOTES" -.IX Header "NOTES" -The \s-1PEM\s0 private key format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN RSA PRIVATE KEY----- -\& -----END RSA PRIVATE KEY----- -.Ve -The \s-1PEM\s0 public key format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN PUBLIC KEY----- -\& -----END PUBLIC KEY----- -.Ve -The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers -and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption. -It is not very secure and so should only be used when necessary. -.PP -Some newer version of \s-1IIS\s0 have additional data in the exported .key -files. To use thse with the utility view the file with a binary editor -and look for the string \*(L"private-key\*(R", then trace back to the byte -sequence 0x30, 0x82 (this is an \s-1ASN1\s0 \s-1SEQUENCE\s0). Copy all the data -from this point onwards to another file and use that as the input -to the \fBrsa\fR utility with the \fB\-inform \s-1NET\s0\fR option. If you get -an error after entering the password try the \fB\-sgckey\fR option. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -To remove the pass phrase on an \s-1RSA\s0 private key: -.PP -.Vb 1 -\& openssl rsa -in key.pem -out keyout.pem -.Ve -To encrypt a private key using triple \s-1DES:\s0 -.PP -.Vb 1 -\& openssl rsa -in key.pem -des3 -out keyout.pem -.Ve -To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: -.PP -.Vb 1 -\& openssl rsa -in key.pem -outform DER -out keyout.der -.Ve -To print out the components of a private key to standard output: -.PP -.Vb 1 -\& openssl rsa -in key.pem -text -noout -.Ve -To just output the public part of a private key: -.PP -.Vb 1 -\& openssl rsa -in key.pem -pubout -out pubkey.pem -.Ve -.SH "BUGS" -.IX Header "BUGS" -The command line password arguments don't currently work with -\&\fB\s-1NET\s0\fR format. -.PP -There should be an option that automatically handles .key files, -without having to manually edit them. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -pkcs8(1), dsa(1), genrsa(1), -gendsa(1) diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3 index 1667d44..4cb1a27 100644 --- a/secure/lib/libcrypto/man/rsa.3 +++ b/secure/lib/libcrypto/man/rsa.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:10 2002 +.\" Mon Jan 13 19:29:32 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,24 +138,29 @@ .\" ====================================================================== .\" .IX Title "rsa 3" -.TH rsa 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH rsa 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" rsa \- \s-1RSA\s0 public key cryptosystem .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/rsa.h> +\& #include <openssl/engine.h> .Ve .Vb 2 \& RSA * RSA_new(void); \& void RSA_free(RSA *rsa); .Ve -.Vb 4 +.Vb 8 \& int RSA_public_encrypt(int flen, unsigned char *from, \& unsigned char *to, RSA *rsa, int padding); \& int RSA_private_decrypt(int flen, unsigned char *from, \& unsigned char *to, RSA *rsa, int padding); +\& int RSA_private_encrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa,int padding); +\& int RSA_public_decrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa,int padding); .Ve .Vb 4 \& int RSA_sign(int type, unsigned char *m, unsigned int m_len, @@ -164,7 +169,7 @@ rsa \- \s-1RSA\s0 public key cryptosystem \& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); .Ve .Vb 1 -\& int RSA_size(RSA *rsa); +\& int RSA_size(const RSA *rsa); .Ve .Vb 2 \& RSA *RSA_generate_key(int num, unsigned long e, @@ -177,16 +182,15 @@ rsa \- \s-1RSA\s0 public key cryptosystem \& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); \& void RSA_blinding_off(RSA *rsa); .Ve -.Vb 9 -\& void RSA_set_default_method(RSA_METHOD *meth); -\& RSA_METHOD *RSA_get_default_method(void); -\& RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); -\& RSA_METHOD *RSA_get_method(RSA *rsa); +.Vb 8 +\& void RSA_set_default_method(const RSA_METHOD *meth); +\& const RSA_METHOD *RSA_get_default_method(void); +\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); +\& const RSA_METHOD *RSA_get_method(const RSA *rsa); \& RSA_METHOD *RSA_PKCS1_SSLeay(void); -\& RSA_METHOD *RSA_PKCS1_RSAref(void); \& RSA_METHOD *RSA_null_method(void); -\& int RSA_flags(RSA *rsa); -\& RSA *RSA_new_method(RSA_METHOD *method); +\& int RSA_flags(const RSA *rsa); +\& RSA *RSA_new_method(ENGINE *engine); .Ve .Vb 2 \& int RSA_print(BIO *bp, RSA *x, int offset); @@ -198,12 +202,6 @@ rsa \- \s-1RSA\s0 public key cryptosystem \& int RSA_set_ex_data(RSA *r,int idx,char *arg); \& char *RSA_get_ex_data(RSA *r, int idx); .Ve -.Vb 4 -\& int RSA_private_encrypt(int flen, unsigned char *from, -\& unsigned char *to, RSA *rsa,int padding); -\& int RSA_public_decrypt(int flen, unsigned char *from, -\& unsigned char *to, RSA *rsa,int padding); -.Ve .Vb 6 \& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, \& unsigned int m_len, unsigned char *sigret, unsigned int *siglen, @@ -241,6 +239,14 @@ In public keys, the private exponent and the related secret values are \&\fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR may be \fB\s-1NULL\s0\fR in private keys, but the \s-1RSA\s0 operations are much faster when these values are available. +.PP +Note that \s-1RSA\s0 keys may use non-standard \fB\s-1RSA_METHOD\s0\fR implementations, +either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an +\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values +will not be used by the implementation or may be used for alternative data +storage. For this reason, applications should generally avoid using \s-1RSA\s0 +structure elements directly and instead use \s-1API\s0 functions to query or +modify keys. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 @@ -250,7 +256,7 @@ available. .SH "SEE ALSO" .IX Header "SEE ALSO" rsa(1), bn(3), dsa(3), dh(3), -rand(3), RSA_new(3), +rand(3), engine(3), RSA_new(3), RSA_public_encrypt(3), RSA_sign(3), RSA_size(3), RSA_generate_key(3), diff --git a/secure/lib/libcrypto/man/rsautl.1 b/secure/lib/libcrypto/man/rsautl.1 deleted file mode 100644 index 62b7552..0000000 --- a/secure/lib/libcrypto/man/rsautl.1 +++ /dev/null @@ -1,312 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:54 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "RSAUTL 1" -.TH RSAUTL 1 "0.9.6e" "2001-07-19" "OpenSSL" -.UC -.SH "NAME" -rsautl \- \s-1RSA\s0 utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBrsautl\fR -[\fB\-in file\fR] -[\fB\-out file\fR] -[\fB\-inkey file\fR] -[\fB\-pubin\fR] -[\fB\-certin\fR] -[\fB\-sign\fR] -[\fB\-verify\fR] -[\fB\-encrypt\fR] -[\fB\-decrypt\fR] -[\fB\-pkcs\fR] -[\fB\-ssl\fR] -[\fB\-raw\fR] -[\fB\-hexdump\fR] -[\fB\-asn1parse\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBrsautl\fR command can be used to sign, verify, encrypt and decrypt -data using the \s-1RSA\s0 algorithm. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read data from or standard input -if this option is not specified. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -specifies the output filename to write to or standard output by -default. -.Ip "\fB\-inkey file\fR" 4 -.IX Item "-inkey file" -the input key file, by default it should be an \s-1RSA\s0 private key. -.Ip "\fB\-pubin\fR" 4 -.IX Item "-pubin" -the input file is an \s-1RSA\s0 public key. -.Ip "\fB\-certin\fR" 4 -.IX Item "-certin" -the input is a certificate containing an \s-1RSA\s0 public key. -.Ip "\fB\-sign\fR" 4 -.IX Item "-sign" -sign the input data and output the signed result. This requires -and \s-1RSA\s0 private key. -.Ip "\fB\-verify\fR" 4 -.IX Item "-verify" -verify the input data and output the recovered data. -.Ip "\fB\-encrypt\fR" 4 -.IX Item "-encrypt" -encrypt the input data using an \s-1RSA\s0 public key. -.Ip "\fB\-decrypt\fR" 4 -.IX Item "-decrypt" -decrypt the input data using an \s-1RSA\s0 private key. -.Ip "\fB\-pkcs, \-oaep, \-ssl, \-raw\fR" 4 -.IX Item "-pkcs, -oaep, -ssl, -raw" -the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP\s0, -special padding used in \s-1SSL\s0 v2 backwards compatible handshakes, -or no padding, respectively. -For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used. -.Ip "\fB\-hexdump\fR" 4 -.IX Item "-hexdump" -hex dump the output data. -.Ip "\fB\-asn1parse\fR" 4 -.IX Item "-asn1parse" -asn1parse the output data, this is useful when combined with the -\&\fB\-verify\fR option. -.SH "NOTES" -.IX Header "NOTES" -\&\fBrsautl\fR because it uses the \s-1RSA\s0 algorithm directly can only be -used to sign or verify small pieces of data. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Sign some data using a private key: -.PP -.Vb 1 -\& openssl rsautl -sign -in file -inkey key.pem -out sig -.Ve -Recover the signed data -.PP -.Vb 1 -\& openssl rsautl -verify -in sig -inkey key.pem -.Ve -Examine the raw signed data: -.PP -.Vb 1 -\& openssl rsautl -verify -in file -inkey key.pem -raw -hexdump -.Ve -.Vb 8 -\& 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world -.Ve -The PKCS#1 block formatting is evident from this. If this was done using -encrypt and decrypt the block would have been of type 2 (the second byte) -and random padding data visible instead of the 0xff bytes. -.PP -It is possible to analyse the signature of certificates using this -utility in conjunction with \fBasn1parse\fR. Consider the self signed -example in certs/pca-cert.pem . Running \fBasn1parse\fR as follows yields: -.PP -.Vb 1 -\& openssl asn1parse -in pca-cert.pem -.Ve -.Vb 18 -\& 0:d=0 hl=4 l= 742 cons: SEQUENCE -\& 4:d=1 hl=4 l= 591 cons: SEQUENCE -\& 8:d=2 hl=2 l= 3 cons: cont [ 0 ] -\& 10:d=3 hl=2 l= 1 prim: INTEGER :02 -\& 13:d=2 hl=2 l= 1 prim: INTEGER :00 -\& 16:d=2 hl=2 l= 13 cons: SEQUENCE -\& 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption -\& 29:d=3 hl=2 l= 0 prim: NULL -\& 31:d=2 hl=2 l= 92 cons: SEQUENCE -\& 33:d=3 hl=2 l= 11 cons: SET -\& 35:d=4 hl=2 l= 9 cons: SEQUENCE -\& 37:d=5 hl=2 l= 3 prim: OBJECT :countryName -\& 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU -\& .... -\& 599:d=1 hl=2 l= 13 cons: SEQUENCE -\& 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption -\& 612:d=2 hl=2 l= 0 prim: NULL -\& 614:d=1 hl=3 l= 129 prim: BIT STRING -.Ve -The final \s-1BIT\s0 \s-1STRING\s0 contains the actual signature. It can be extracted with: -.PP -.Vb 1 -\& openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614 -.Ve -The certificate public key can be extracted with: -.PP -.Vb 1 -\& openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem -.Ve -The signature can be analysed with: -.PP -.Vb 1 -\& openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin -.Ve -.Vb 6 -\& 0:d=0 hl=2 l= 32 cons: SEQUENCE -\& 2:d=1 hl=2 l= 12 cons: SEQUENCE -\& 4:d=2 hl=2 l= 8 prim: OBJECT :md5 -\& 14:d=2 hl=2 l= 0 prim: NULL -\& 16:d=1 hl=2 l= 16 prim: OCTET STRING -\& 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. -.Ve -This is the parsed version of an \s-1ASN1\s0 DigestInfo structure. It can be seen that -the digest used was md5. The actual part of the certificate that was signed can -be extracted with: -.PP -.Vb 1 -\& openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4 -.Ve -and its digest computed with: -.PP -.Vb 2 -\& openssl md5 -c tbs -\& MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5 -.Ve -which it can be seen agrees with the recovered value above. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -dgst(1), rsa(1), genrsa(1) diff --git a/secure/lib/libcrypto/man/s_client.1 b/secure/lib/libcrypto/man/s_client.1 deleted file mode 100644 index e7c3665..0000000 --- a/secure/lib/libcrypto/man/s_client.1 +++ /dev/null @@ -1,336 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:54 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "0.9.6e" "2001-05-19" "OpenSSL" -.UC -.SH "NAME" -s_client \- \s-1SSL/TLS\s0 client program -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBs_client\fR -[\fB\-connect\fR host:port>] -[\fB\-verify depth\fR] -[\fB\-cert filename\fR] -[\fB\-key filename\fR] -[\fB\-CApath directory\fR] -[\fB\-CAfile filename\fR] -[\fB\-reconnect\fR] -[\fB\-pause\fR] -[\fB\-showcerts\fR] -[\fB\-debug\fR] -[\fB\-nbio_test\fR] -[\fB\-state\fR] -[\fB\-nbio\fR] -[\fB\-crlf\fR] -[\fB\-ign_eof\fR] -[\fB\-quiet\fR] -[\fB\-ssl2\fR] -[\fB\-ssl3\fR] -[\fB\-tls1\fR] -[\fB\-no_ssl2\fR] -[\fB\-no_ssl3\fR] -[\fB\-no_tls1\fR] -[\fB\-bugs\fR] -[\fB\-cipher cipherlist\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects -to a remote host using \s-1SSL/TLS\s0. It is a \fIvery\fR useful diagnostic tool for -\&\s-1SSL\s0 servers. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-connect host:port\fR" 4 -.IX Item "-connect host:port" -This specifies the host and optional port to connect to. If not specified -then an attempt is made to connect to the local host on port 4433. -.Ip "\fB\-cert certname\fR" 4 -.IX Item "-cert certname" -The certificate to use, if one is requested by the server. The default is -not to use a certificate. -.Ip "\fB\-key keyfile\fR" 4 -.IX Item "-key keyfile" -The private key to use. If not specified then the certificate file will -be used. -.Ip "\fB\-verify depth\fR" 4 -.IX Item "-verify depth" -The verify depth to use. This specifies the maximum length of the -server certificate chain and turns on server certificate verification. -Currently the verify operation continues after errors so all the problems -with a certificate chain can be seen. As a side effect the connection -will never fail due to a server certificate verify failure. -.Ip "\fB\-CApath directory\fR" 4 -.IX Item "-CApath directory" -The directory to use for server certificate verification. This directory -must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are -also used when building the client certificate chain. -.Ip "\fB\-CAfile file\fR" 4 -.IX Item "-CAfile file" -A file containing trusted certificates to use during server authentication -and to use when attempting to build the client certificate chain. -.Ip "\fB\-reconnect\fR" 4 -.IX Item "-reconnect" -reconnects to the same server 5 times using the same session \s-1ID\s0, this can -be used as a test that session caching is working. -.Ip "\fB\-pause\fR" 4 -.IX Item "-pause" -pauses 1 second between each read and write call. -.Ip "\fB\-showcerts\fR" 4 -.IX Item "-showcerts" -display the whole server certificate chain: normally only the server -certificate itself is displayed. -.Ip "\fB\-prexit\fR" 4 -.IX Item "-prexit" -print session information when the program exits. This will always attempt -to print out information even if the connection fails. Normally information -will only be printed out once if the connection succeeds. This option is useful -because the cipher in use may be renegotiated or the connection may fail -because a client certificate is required or is requested only after an -attempt is made to access a certain \s-1URL\s0. Note: the output produced by this -option is not always accurate because a connection might never have been -established. -.Ip "\fB\-state\fR" 4 -.IX Item "-state" -prints out the \s-1SSL\s0 session states. -.Ip "\fB\-debug\fR" 4 -.IX Item "-debug" -print extensive debugging information including a hex dump of all traffic. -.Ip "\fB\-nbio_test\fR" 4 -.IX Item "-nbio_test" -tests non-blocking I/O -.Ip "\fB\-nbio\fR" 4 -.IX Item "-nbio" -turns on non-blocking I/O -.Ip "\fB\-crlf\fR" 4 -.IX Item "-crlf" -this option translated a line feed from the terminal into \s-1CR+LF\s0 as required -by some servers. -.Ip "\fB\-ign_eof\fR" 4 -.IX Item "-ign_eof" -inhibit shutting down the connection when end of file is reached in the -input. -.Ip "\fB\-quiet\fR" 4 -.IX Item "-quiet" -inhibit printing of session and certificate information. This implicitely -turns on \fB\-ign_eof\fR as well. -.Ip "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR" 4 -.IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1" -these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default -the initial handshake uses a method which should be compatible with all -servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate. -.Sp -Unfortunately there are a lot of ancient and broken servers in use which -cannot handle this technique and will fail to connect. Some servers only -work if \s-1TLS\s0 is turned off with the \fB\-no_tls\fR option others will only -support \s-1SSL\s0 v2 and may need the \fB\-ssl2\fR option. -.Ip "\fB\-bugs\fR" 4 -.IX Item "-bugs" -there are several known bug in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this -option enables various workarounds. -.Ip "\fB\-cipher cipherlist\fR" 4 -.IX Item "-cipher cipherlist" -this allows the cipher list sent by the client to be modified. Although -the server determines which cipher suite is used it should take the first -supported cipher in the list sent by the client. See the \fBciphers\fR -command for more information. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.SH "CONNECTED COMMANDS" -.IX Header "CONNECTED COMMANDS" -If a connection is established with an \s-1SSL\s0 server then any data received -from the server is displayed and any key presses will be sent to the -server. When used interactively (which means neither \fB\-quiet\fR nor \fB\-ign_eof\fR -have been given), the session will be renegociated if the line begins with an -\&\fBR\fR, and if the line begins with a \fBQ\fR or if end of file is reached, the -connection will be closed down. -.SH "NOTES" -.IX Header "NOTES" -\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL\s0 \s-1HTTP\s0 -server the command: -.PP -.Vb 1 -\& openssl s_client -connect servername:443 -.Ve -would typically be used (https uses port 443). If the connection succeeds -then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET\s0 /\*(R" to retrieve a web page. -.PP -If the handshake fails then there are several possible causes, if it is -nothing obvious like no client certificate then the \fB\-bugs\fR, \fB\-ssl2\fR, -\&\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR can be tried -in case it is a buggy server. In particular you should play with these -options \fBbefore\fR submitting a bug report to an OpenSSL mailing list. -.PP -A frequent problem when attempting to get client certificates working -is that a web client complains it has no certificates or gives an empty -list to choose from. This is normally because the server is not sending -the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it -requests a certificate. By using \fBs_client\fR the \s-1CA\s0 list can be viewed -and checked. However some servers only request client authentication -after a specific \s-1URL\s0 is requested. To obtain the list in this case it -is necessary to use the \fB\-prexit\fR command and send an \s-1HTTP\s0 request -for an appropriate page. -.PP -If a certificate is specified on the command line using the \fB\-cert\fR -option it will not be used unless the server specifically requests -a client certificate. Therefor merely including a client certificate -on the command line is no guarantee that the certificate works. -.PP -If there are problems verifying a server certificate then the -\&\fB\-showcerts\fR option can be used to show the whole chain. -.SH "BUGS" -.IX Header "BUGS" -Because this program has a lot of options and also because some of -the techniques used are rather old, the C source of s_client is rather -hard to read and not a model of how things should be done. A typical -\&\s-1SSL\s0 client program would be much simpler. -.PP -The \fB\-verify\fR option should really exit if the server verification -fails. -.PP -The \fB\-prexit\fR option is a bit of a hack. We should really report -information whenever a session is renegotiated. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -sess_id(1), s_server(1), ciphers(1) diff --git a/secure/lib/libcrypto/man/s_server.1 b/secure/lib/libcrypto/man/s_server.1 deleted file mode 100644 index a021746..0000000 --- a/secure/lib/libcrypto/man/s_server.1 +++ /dev/null @@ -1,366 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:55 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "S_SERVER 1" -.TH S_SERVER 1 "0.9.6e" "2001-07-19" "OpenSSL" -.UC -.SH "NAME" -s_server \- \s-1SSL/TLS\s0 server program -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBs_server\fR -[\fB\-accept port\fR] -[\fB\-context id\fR] -[\fB\-verify depth\fR] -[\fB\-Verify depth\fR] -[\fB\-cert filename\fR] -[\fB\-key keyfile\fR] -[\fB\-dcert filename\fR] -[\fB\-dkey keyfile\fR] -[\fB\-dhparam filename\fR] -[\fB\-nbio\fR] -[\fB\-nbio_test\fR] -[\fB\-crlf\fR] -[\fB\-debug\fR] -[\fB\-state\fR] -[\fB\-CApath directory\fR] -[\fB\-CAfile filename\fR] -[\fB\-nocert\fR] -[\fB\-cipher cipherlist\fR] -[\fB\-quiet\fR] -[\fB\-no_tmp_rsa\fR] -[\fB\-ssl2\fR] -[\fB\-ssl3\fR] -[\fB\-tls1\fR] -[\fB\-no_ssl2\fR] -[\fB\-no_ssl3\fR] -[\fB\-no_tls1\fR] -[\fB\-no_dhe\fR] -[\fB\-bugs\fR] -[\fB\-hack\fR] -[\fB\-www\fR] -[\fB\-WWW\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens -for connections on a given port using \s-1SSL/TLS\s0. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-accept port\fR" 4 -.IX Item "-accept port" -the \s-1TCP\s0 port to listen on for connections. If not specified 4433 is used. -.Ip "\fB\-context id\fR" 4 -.IX Item "-context id" -sets the \s-1SSL\s0 context id. It can be given any string value. If this option -is not present a default value will be used. -.Ip "\fB\-cert certname\fR" 4 -.IX Item "-cert certname" -The certificate to use, most servers cipher suites require the use of a -certificate and some require a certificate with a certain public key type: -for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0 -(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used. -.Ip "\fB\-key keyfile\fR" 4 -.IX Item "-key keyfile" -The private key to use. If not specified then the certificate file will -be used. -.Ip "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4 -.IX Item "-dcert filename, -dkey keyname" -specify an additional certificate and private key, these behave in the -same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default -if they are not specified (no additional certificate and key is used). As -noted above some cipher suites require a certificate containing a key of -a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key -and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys -a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites -by using an appropriate certificate. -.Ip "\fB\-nocert\fR" 4 -.IX Item "-nocert" -if this option is set then no certificate is used. This restricts the -cipher suites available to the anonymous ones (currently just anonymous -\&\s-1DH\s0). -.Ip "\fB\-dhparam filename\fR" 4 -.IX Item "-dhparam filename" -the \s-1DH\s0 parameter file to use. The ephemeral \s-1DH\s0 cipher suites generate keys -using a set of \s-1DH\s0 parameters. If not specified then an attempt is made to -load the parameters from the server certificate file. If this fails then -a static set of parameters hard coded into the s_server program will be used. -.Ip "\fB\-no_dhe\fR" 4 -.IX Item "-no_dhe" -if this option is set then no \s-1DH\s0 parameters will be loaded effectively -disabling the ephemeral \s-1DH\s0 cipher suites. -.Ip "\fB\-no_tmp_rsa\fR" 4 -.IX Item "-no_tmp_rsa" -certain export cipher suites sometimes use a temporary \s-1RSA\s0 key, this option -disables temporary \s-1RSA\s0 key generation. -.Ip "\fB\-verify depth\fR, \fB\-Verify depth\fR" 4 -.IX Item "-verify depth, -Verify depth" -The verify depth to use. This specifies the maximum length of the -client certificate chain and makes the server request a certificate from -the client. With the \fB\-verify\fR option a certificate is requested but the -client does not have to send one, with the \fB\-Verify\fR option the client -must supply a certificate or an error occurs. -.Ip "\fB\-CApath directory\fR" 4 -.IX Item "-CApath directory" -The directory to use for client certificate verification. This directory -must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are -also used when building the server certificate chain. -.Ip "\fB\-CAfile file\fR" 4 -.IX Item "-CAfile file" -A file containing trusted certificates to use during client authentication -and to use when attempting to build the server certificate chain. The list -is also used in the list of acceptable client CAs passed to the client when -a certificate is requested. -.Ip "\fB\-state\fR" 4 -.IX Item "-state" -prints out the \s-1SSL\s0 session states. -.Ip "\fB\-debug\fR" 4 -.IX Item "-debug" -print extensive debugging information including a hex dump of all traffic. -.Ip "\fB\-nbio_test\fR" 4 -.IX Item "-nbio_test" -tests non blocking I/O -.Ip "\fB\-nbio\fR" 4 -.IX Item "-nbio" -turns on non blocking I/O -.Ip "\fB\-crlf\fR" 4 -.IX Item "-crlf" -this option translated a line feed from the terminal into \s-1CR+LF\s0. -.Ip "\fB\-quiet\fR" 4 -.IX Item "-quiet" -inhibit printing of session and certificate information. -.Ip "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR" 4 -.IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1" -these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default -the initial handshake uses a method which should be compatible with all -servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate. -.Ip "\fB\-bugs\fR" 4 -.IX Item "-bugs" -there are several known bug in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this -option enables various workarounds. -.Ip "\fB\-hack\fR" 4 -.IX Item "-hack" -this option enables a further workaround for some some early Netscape -\&\s-1SSL\s0 code (?). -.Ip "\fB\-cipher cipherlist\fR" 4 -.IX Item "-cipher cipherlist" -this allows the cipher list used by the server to be modified. When -the client sends a list of supported ciphers the first client cipher -also included in the server list is used. Because the client specifies -the preference order, the order of the server cipherlist irrelevant. See -the \fBciphers\fR command for more information. -.Ip "\fB\-www\fR" 4 -.IX Item "-www" -sends a status message back to the client when it connects. This includes -lots of information about the ciphers used and various session parameters. -The output is in \s-1HTML\s0 format so this option will normally be used with a -web browser. -.Ip "\fB\-WWW\fR" 4 -.IX Item "-WWW" -emulates a simple web server. Pages will be resolved relative to the -current directory, for example if the \s-1URL\s0 https://myhost/page.html is -requested the file ./page.html will be loaded. -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.SH "CONNECTED COMMANDS" -.IX Header "CONNECTED COMMANDS" -If a connection request is established with an \s-1SSL\s0 client and neither the -\&\fB\-www\fR nor the \fB\-WWW\fR option has been used then normally any data received -from the client is displayed and any key presses will be sent to the client. -.PP -Certain single letter commands are also recognized which perform special -operations: these are listed below. -.Ip "\fBq\fR" 4 -.IX Item "q" -end the current \s-1SSL\s0 connection but still accept new connections. -.Ip "\fBQ\fR" 4 -.IX Item "Q" -end the current \s-1SSL\s0 connection and exit. -.Ip "\fBr\fR" 4 -.IX Item "r" -renegotiate the \s-1SSL\s0 session. -.Ip "\fBR\fR" 4 -.IX Item "R" -renegotiate the \s-1SSL\s0 session and request a client certificate. -.Ip "\fBP\fR" 4 -.IX Item "P" -send some plain text down the underlying \s-1TCP\s0 connection: this should -cause the client to disconnect due to a protocol violation. -.Ip "\fBS\fR" 4 -.IX Item "S" -print out some session cache status information. -.SH "NOTES" -.IX Header "NOTES" -\&\fBs_server\fR can be used to debug \s-1SSL\s0 clients. To accept connections from -a web browser the command: -.PP -.Vb 1 -\& openssl s_server -accept 443 -www -.Ve -can be used for example. -.PP -Most web browsers (in particular Netscape and \s-1MSIE\s0) only support \s-1RSA\s0 cipher -suites, so they cannot connect to servers which don't use a certificate -carrying an \s-1RSA\s0 key or a version of OpenSSL with \s-1RSA\s0 disabled. -.PP -Although specifying an empty list of CAs when requesting a client certificate -is strictly speaking a protocol violation, some \s-1SSL\s0 clients interpret this to -mean any \s-1CA\s0 is acceptable. This is useful for debugging purposes. -.PP -The session parameters can printed out using the \fBsess_id\fR program. -.SH "BUGS" -.IX Header "BUGS" -Because this program has a lot of options and also because some of -the techniques used are rather old, the C source of s_server is rather -hard to read and not a model of how things should be done. A typical -\&\s-1SSL\s0 server program would be much simpler. -.PP -The output of common ciphers is wrong: it just gives the list of ciphers that -OpenSSL recognizes and the client supports. -.PP -There should be a way for the \fBs_server\fR program to print out details of any -unknown cipher suites a client says it supports. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -sess_id(1), s_client(1), ciphers(1) diff --git a/secure/lib/libcrypto/man/sess_id.1 b/secure/lib/libcrypto/man/sess_id.1 deleted file mode 100644 index 9a9c557..0000000 --- a/secure/lib/libcrypto/man/sess_id.1 +++ /dev/null @@ -1,258 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:56 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SESS_ID 1" -.TH SESS_ID 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -sess_id \- \s-1SSL/TLS\s0 session handling utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBsess_id\fR -[\fB\-inform PEM|DER\fR] -[\fB\-outform PEM|DER\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-text\fR] -[\fB\-noout\fR] -[\fB\-context \s-1ID\s0\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBsess_id\fR process the encoded version of the \s-1SSL\s0 session structure -and optionally prints out \s-1SSL\s0 session details (for example the \s-1SSL\s0 session -master key) in human readable format. Since this is a diagnostic tool that -needs some knowledge of the \s-1SSL\s0 protocol to use properly, most users will -not need to use it. -.Ip "\fB\-inform DER|PEM\fR" 4 -.IX Item "-inform DER|PEM" -This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded -format containing session details. The precise format can vary from one version -to the next. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR -format base64 encoded with additional header and footer lines. -.Ip "\fB\-outform DER|PEM\fR" 4 -.IX Item "-outform DER|PEM" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read session information from or standard -input by default. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename to write session information to or standard -output if this option is not specified. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -prints out the various public or private key components in -plain text in addition to the encoded version. -.Ip "\fB\-cert\fR" 4 -.IX Item "-cert" -if a certificate is present in the session it will be output using this option, -if the \fB\-text\fR option is also present then it will be printed out in text form. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option prevents output of the encoded version of the session. -.Ip "\fB\-context \s-1ID\s0\fR" 4 -.IX Item "-context ID" -this option can set the session id so the output session information uses the -supplied \s-1ID\s0. The \s-1ID\s0 can be any string of characters. This option wont normally -be used. -.SH "OUTPUT" -.IX Header "OUTPUT" -Typical output: -.PP -.Vb 10 -\& SSL-Session: -\& Protocol : TLSv1 -\& Cipher : 0016 -\& Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED -\& Session-ID-ctx: 01000000 -\& Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD -\& Key-Arg : None -\& Start Time: 948459261 -\& Timeout : 300 (sec) -\& Verify return code 0 (ok) -.Ve -Theses are described below in more detail. -.Ip "\fBProtocol\fR" 4 -.IX Item "Protocol" -this is the protocol in use TLSv1, SSLv3 or SSLv2. -.Ip "\fBCipher\fR" 4 -.IX Item "Cipher" -the cipher used this is the actual raw \s-1SSL\s0 or \s-1TLS\s0 cipher code, see the \s-1SSL\s0 -or \s-1TLS\s0 specifications for more information. -.Ip "\fBSession-ID\fR" 4 -.IX Item "Session-ID" -the \s-1SSL\s0 session \s-1ID\s0 in hex format. -.Ip "\fBSession-ID-ctx\fR" 4 -.IX Item "Session-ID-ctx" -the session \s-1ID\s0 context in hex format. -.Ip "\fBMaster-Key\fR" 4 -.IX Item "Master-Key" -this is the \s-1SSL\s0 session master key. -.Ip "\fBKey-Arg\fR" 4 -.IX Item "Key-Arg" -the key argument, this is only used in \s-1SSL\s0 v2. -.Ip "\fBStart Time\fR" 4 -.IX Item "Start Time" -this is the session start time represented as an integer in standard Unix format. -.Ip "\fBTimeout\fR" 4 -.IX Item "Timeout" -the timeout in seconds. -.Ip "\fBVerify return code\fR" 4 -.IX Item "Verify return code" -this is the return code when an \s-1SSL\s0 client certificate is verified. -.SH "NOTES" -.IX Header "NOTES" -The \s-1PEM\s0 encoded session format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN SSL SESSION PARAMETERS----- -\& -----END SSL SESSION PARAMETERS----- -.Ve -Since the \s-1SSL\s0 session output contains the master key it is possible to read the contents -of an encrypted session using this information. Therefore appropriate security precautions -should be taken if the information is being output by a \*(L"real\*(R" application. This is -however strongly discouraged and should only be used for debugging purposes. -.SH "BUGS" -.IX Header "BUGS" -The cipher and start time should be printed out in human readable form. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ciphers(1), s_server(1) diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3 index 332f583..349f228 100644 --- a/secure/lib/libcrypto/man/sha.3 +++ b/secure/lib/libcrypto/man/sha.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:11 2002 +.\" Mon Jan 13 19:29:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "sha 3" -.TH sha 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH sha 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1SHA1\s0, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm diff --git a/secure/lib/libcrypto/man/smime.1 b/secure/lib/libcrypto/man/smime.1 deleted file mode 100644 index a04e835..0000000 --- a/secure/lib/libcrypto/man/smime.1 +++ /dev/null @@ -1,473 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:57 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SMIME 1" -.TH SMIME 1 "0.9.6e" "2002-07-30" "OpenSSL" -.UC -.SH "NAME" -smime \- S/MIME utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBsmime\fR -[\fB\-encrypt\fR] -[\fB\-decrypt\fR] -[\fB\-sign\fR] -[\fB\-verify\fR] -[\fB\-pk7out\fR] -[\fB\-des\fR] -[\fB\-des3\fR] -[\fB\-rc2\-40\fR] -[\fB\-rc2\-64\fR] -[\fB\-rc2\-128\fR] -[\fB\-in file\fR] -[\fB\-certfile file\fR] -[\fB\-signer file\fR] -[\fB\-recip file\fR] -[\fB\-inform SMIME|PEM|DER\fR] -[\fB\-passin arg\fR] -[\fB\-inkey file\fR] -[\fB\-out file\fR] -[\fB\-outform SMIME|PEM|DER\fR] -[\fB\-content file\fR] -[\fB\-to addr\fR] -[\fB\-from ad\fR] -[\fB\-subject s\fR] -[\fB\-text\fR] -[\fB\-rand \f(BIfile\fB\|(s)\fR] -[cert.pem]... -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBsmime\fR command handles S/MIME mail. It can encrypt, decrypt, sign and -verify S/MIME messages. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -There are five operation options that set the type of operation to be performed. -The meaning of the other options varies according to the operation type. -.Ip "\fB\-encrypt\fR" 4 -.IX Item "-encrypt" -encrypt mail for the given recipient certificates. Input file is the message -to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. -.Ip "\fB\-decrypt\fR" 4 -.IX Item "-decrypt" -decrypt mail using the supplied certificate and private key. Expects an -encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail -is written to the output file. -.Ip "\fB\-sign\fR" 4 -.IX Item "-sign" -sign mail using the supplied certificate and private key. Input file is -the message to be signed. The signed message in \s-1MIME\s0 format is written -to the output file. -.Ip "\fB\-verify\fR" 4 -.IX Item "-verify" -verify signed mail. Expects a signed mail message on input and outputs -the signed data. Both clear text and opaque signing is supported. -.Ip "\fB\-pk7out\fR" 4 -.IX Item "-pk7out" -takes an input message and writes out a \s-1PEM\s0 encoded PKCS#7 structure. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -the input message to be encrypted or signed or the \s-1MIME\s0 message to -be decrypted or verified. -.Ip "\fB\-inform SMIME|PEM|DER\fR" 4 -.IX Item "-inform SMIME|PEM|DER" -this specifies the input format for the PKCS#7 structure. The default -is \fB\s-1SMIME\s0\fR which reads an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR -format change this to expect \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures -instead. This currently only affects the input format of the PKCS#7 -structure, if no PKCS#7 structure is being input (for example with -\&\fB\-encrypt\fR or \fB\-sign\fR) this option has no effect. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -the message text that has been decrypted or verified or the output \s-1MIME\s0 -format message that has been signed or verified. -.Ip "\fB\-outform SMIME|PEM|DER\fR" 4 -.IX Item "-outform SMIME|PEM|DER" -this specifies the output format for the PKCS#7 structure. The default -is \fB\s-1SMIME\s0\fR which write an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR -format change this to write \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures -instead. This currently only affects the output format of the PKCS#7 -structure, if no PKCS#7 structure is being output (for example with -\&\fB\-verify\fR or \fB\-decrypt\fR) this option has no effect. -.Ip "\fB\-content filename\fR" 4 -.IX Item "-content filename" -This specifies a file containing the detached content, this is only -useful with the \fB\-verify\fR command. This is only usable if the PKCS#7 -structure is using the detached signature form where the content is -not included. This option will override any content if the input format -is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied -message if encrypting or signing. If decrypting or verifying it strips -off text headers: if the decrypted or verified message is not of \s-1MIME\s0 -type text/plain then an error occurs. -.Ip "\fB\-CAfile file\fR" 4 -.IX Item "-CAfile file" -a file containing trusted \s-1CA\s0 certificates, only used with \fB\-verify\fR. -.Ip "\fB\-CApath dir\fR" 4 -.IX Item "-CApath dir" -a directory containing trusted \s-1CA\s0 certificates, only used with -\&\fB\-verify\fR. This directory must be a standard certificate directory: that -is a hash of each subject name (using \fBx509 \-hash\fR) should be linked -to each certificate. -.Ip "\fB\-des \-des3 \-rc2\-40 \-rc2\-64 \-rc2\-128\fR" 4 -.IX Item "-des -des3 -rc2-40 -rc2-64 -rc2-128" -the encryption algorithm to use. \s-1DES\s0 (56 bits), triple \s-1DES\s0 (168 bits) -or 40, 64 or 128 bit \s-1RC2\s0 respectively if not specified 40 bit \s-1RC2\s0 is -used. Only used with \fB\-encrypt\fR. -.Ip "\fB\-nointern\fR" 4 -.IX Item "-nointern" -when verifying a message normally certificates (if any) included in -the message are searched for the signing certificate. With this option -only the certificates specified in the \fB\-certfile\fR option are used. -The supplied certificates can still be used as untrusted CAs however. -.Ip "\fB\-noverify\fR" 4 -.IX Item "-noverify" -do not verify the signers certificate of a signed message. -.Ip "\fB\-nochain\fR" 4 -.IX Item "-nochain" -do not do chain verification of signers certificates: that is don't -use the certificates in the signed message as untrusted CAs. -.Ip "\fB\-nosigs\fR" 4 -.IX Item "-nosigs" -don't try to verify the signatures on the message. -.Ip "\fB\-nocerts\fR" 4 -.IX Item "-nocerts" -when signing a message the signer's certificate is normally included -with this option it is excluded. This will reduce the size of the -signed message but the verifier must have a copy of the signers certificate -available locally (passed using the \fB\-certfile\fR option for example). -.Ip "\fB\-noattr\fR" 4 -.IX Item "-noattr" -normally when a message is signed a set of attributes are included which -include the signing time and supported symmetric algorithms. With this -option they are not included. -.Ip "\fB\-binary\fR" 4 -.IX Item "-binary" -normally the input message is converted to \*(L"canonical\*(R" format which is -effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME -specification. When this option is present no translation occurs. This -is useful when handling binary data which may not be in \s-1MIME\s0 format. -.Ip "\fB\-nodetach\fR" 4 -.IX Item "-nodetach" -when signing a message use opaque signing: this form is more resistant -to translation by mail relays but it cannot be read by mail agents that -do not support S/MIME. Without this option cleartext signing with -the \s-1MIME\s0 type multipart/signed is used. -.Ip "\fB\-certfile file\fR" 4 -.IX Item "-certfile file" -allows additional certificates to be specified. When signing these will -be included with the message. When verifying these will be searched for -the signers certificates. The certificates should be in \s-1PEM\s0 format. -.Ip "\fB\-signer file\fR" 4 -.IX Item "-signer file" -the signers certificate when signing a message. If a message is -being verified then the signers certificates will be written to this -file if the verification was successful. -.Ip "\fB\-recip file\fR" 4 -.IX Item "-recip file" -the recipients certificate when decrypting a message. This certificate -must match one of the recipients of the message or an error occurs. -.Ip "\fB\-inkey file\fR" 4 -.IX Item "-inkey file" -the private key to use when signing or decrypting. This must match the -corresponding certificate. If this option is not specified then the -private key must be included in the certificate file specified with -the \fB\-recip\fR or \fB\-signer\fR file. -.Ip "\fB\-passin arg\fR" 4 -.IX Item "-passin arg" -the private key password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 -.IX Item "-rand file" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). -Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. -.Ip "\fBcert.pem...\fR" 4 -.IX Item "cert.pem..." -one or more certificates of message recipients: used when encrypting -a message. -.Ip "\fB\-to, \-from, \-subject\fR" 4 -.IX Item "-to, -from, -subject" -the relevant mail headers. These are included outside the signed -portion of a message so they may be included manually. If signing -then many S/MIME mail clients check the signers certificate's email -address matches that specified in the From: address. -.SH "NOTES" -.IX Header "NOTES" -The \s-1MIME\s0 message must be sent without any blank lines between the -headers and the output. Some mail programs will automatically add -a blank line. Piping the mail directly to sendmail is one way to -achieve the correct format. -.PP -The supplied message to be signed or encrypted must include the -necessary \s-1MIME\s0 headers or many S/MIME clients wont display it -properly (if at all). You can use the \fB\-text\fR option to automatically -add plain text headers. -.PP -A \*(L"signed and encrypted\*(R" message is one where a signed message is -then encrypted. This can be produced by encrypting an already signed -message: see the examples section. -.PP -This version of the program only allows one signer per message but it -will verify multiple signers on received messages. Some S/MIME clients -choke if a message contains multiple signers. It is possible to sign -messages \*(L"in parallel\*(R" by signing an already signed message. -.PP -The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME -clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 -encrypted data is used for other purposes. -.SH "EXIT CODES" -.IX Header "EXIT CODES" -.Ip "0" 4 -the operation was completely successfully. -.Ip "1" 4 -.IX Item "1" -an error occurred parsing the command options. -.Ip "2" 4 -.IX Item "2" -one of the input files could not be read. -.Ip "3" 4 -.IX Item "3" -an error occurred creating the PKCS#7 file or when reading the \s-1MIME\s0 -message. -.Ip "4" 4 -.IX Item "4" -an error occurred decrypting or verifying the message. -.Ip "5" 4 -.IX Item "5" -the message was verified correctly but an error occurred writing out -the signers certificates. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Create a cleartext signed message: -.PP -.Vb 2 -\& openssl smime -sign -in message.txt -text -out mail.msg \e -\& -signer mycert.pem -.Ve -Create and opaque signed message -.PP -.Vb 2 -\& openssl smime -sign -in message.txt -text -out mail.msg -nodetach \e -\& -signer mycert.pem -.Ve -Create a signed message, include some additional certificates and -read the private key from another file: -.PP -.Vb 2 -\& openssl smime -sign -in in.txt -text -out mail.msg \e -\& -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem -.Ve -Send a signed message under Unix directly to sendmail, including headers: -.PP -.Vb 3 -\& openssl smime -sign -in in.txt -text -signer mycert.pem \e -\& -from steve@openssl.org -to someone@somewhere \e -\& -subject "Signed message" | sendmail someone@somewhere -.Ve -Verify a message and extract the signer's certificate if successful: -.PP -.Vb 1 -\& openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt -.Ve -Send encrypted mail using triple \s-1DES:\s0 -.PP -.Vb 3 -\& openssl smime -encrypt -in in.txt -from steve@openssl.org \e -\& -to someone@somewhere -subject "Encrypted message" \e -\& -des3 user.pem -out mail.msg -.Ve -Sign and encrypt mail: -.PP -.Vb 4 -\& openssl smime -sign -in ml.txt -signer my.pem -text \e -\& | openssl smime -encrypt -out mail.msg \e -\& -from steve@openssl.org -to someone@somewhere \e -\& -subject "Signed and Encrypted message" -des3 user.pem -.Ve -Note: the encryption command does not include the \fB\-text\fR option because the message -being encrypted already has \s-1MIME\s0 headers. -.PP -Decrypt mail: -.PP -.Vb 1 -\& openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem -.Ve -The output from Netscape form signing is a PKCS#7 structure with the -detached signature format. You can use this program to verify the -signature by line wrapping the base64 encoded structure and surrounding -it with: -.PP -.Vb 2 -\& -----BEGIN PKCS7---- -\& -----END PKCS7---- -.Ve -and using the command, -.PP -.Vb 1 -\& openssl smime -verify -inform PEM -in signature.pem -content content.txt -.Ve -alternatively you can base64 decode the signature and use -.PP -.Vb 1 -\& openssl smime -verify -inform DER -in signature.der -content content.txt -.Ve -.SH "BUGS" -.IX Header "BUGS" -The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've thrown -at it but it may choke on others. -.PP -The code currently will only write out the signer's certificate to a file: if the -signer has a separate encryption certificate this must be manually extracted. There -should be some heuristic that determines the correct encryption certificate. -.PP -Ideally a database should be maintained of a certificates for each email address. -.PP -The code doesn't currently take note of the permitted symmetric encryption -algorithms as supplied in the SMIMECapabilities signed attribute. this means the -user has to manually include the correct encryption algorithm. It should store -the list of permitted ciphers in a database and only use those. -.PP -No revocation checking is done on the signer's certificate. -.PP -The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 -structures may cause parsing errors. diff --git a/secure/lib/libcrypto/man/spkac.1 b/secure/lib/libcrypto/man/spkac.1 deleted file mode 100644 index 2a7df5a..0000000 --- a/secure/lib/libcrypto/man/spkac.1 +++ /dev/null @@ -1,248 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:58 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "SPKAC 1" -.TH SPKAC 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -spkac \- \s-1SPKAC\s0 printing and generating utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBspkac\fR -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-key keyfile\fR] -[\fB\-passin arg\fR] -[\fB\-challenge string\fR] -[\fB\-pubkey\fR] -[\fB\-spkac spkacname\fR] -[\fB\-spksect section\fR] -[\fB\-noout\fR] -[\fB\-verify\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBspkac\fR command processes Netscape signed public key and challenge -(\s-1SPKAC\s0) files. It can print out their contents, verify the signature and -produce its own SPKACs from a supplied private key. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read from or standard input if this -option is not specified. Ignored if the \fB\-key\fR option is used. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -specifies the output filename to write to or standard output by -default. -.Ip "\fB\-key keyfile\fR" 4 -.IX Item "-key keyfile" -create an \s-1SPKAC\s0 file using the private key in \fBkeyfile\fR. The -\&\fB\-in\fR, \fB\-noout\fR, \fB\-spksect\fR and \fB\-verify\fR options are ignored if -present. -.Ip "\fB\-passin password\fR" 4 -.IX Item "-passin password" -the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-challenge string\fR" 4 -.IX Item "-challenge string" -specifies the challenge string if an \s-1SPKAC\s0 is being created. -.Ip "\fB\-spkac spkacname\fR" 4 -.IX Item "-spkac spkacname" -allows an alternative name form the variable containing the -\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". This option affects both -generated and input \s-1SPKAC\s0 files. -.Ip "\fB\-spksect section\fR" 4 -.IX Item "-spksect section" -allows an alternative name form the section containing the -\&\s-1SPKAC\s0. The default is the default section. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -don't output the text version of the \s-1SPKAC\s0 (not used if an -\&\s-1SPKAC\s0 is being created). -.Ip "\fB\-pubkey\fR" 4 -.IX Item "-pubkey" -output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is -being created). -.Ip "\fB\-verify\fR" 4 -.IX Item "-verify" -verifies the digital signature on the supplied \s-1SPKAC\s0. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Print out the contents of an \s-1SPKAC:\s0 -.PP -.Vb 1 -\& openssl spkac -in spkac.cnf -.Ve -Verify the signature of an \s-1SPKAC:\s0 -.PP -.Vb 1 -\& openssl spkac -in spkac.cnf -noout -verify -.Ve -Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R": -.PP -.Vb 1 -\& openssl spkac -key key.pem -challenge hello -out spkac.cnf -.Ve -Example of an \s-1SPKAC\s0, (long lines split up for clarity): -.PP -.Vb 5 -\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e -\& PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e -\& PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e -\& 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e -\& 4= -.Ve -.SH "NOTES" -.IX Header "NOTES" -A created \s-1SPKAC\s0 with suitable \s-1DN\s0 components appended can be fed into -the \fBca\fR utility. -.PP -SPKACs are typically generated by Netscape when a form is submitted -containing the \fB\s-1KEYGEN\s0\fR tag as part of the certificate enrollment -process. -.PP -The challenge string permits a primitive form of proof of possession -of private key. By checking the \s-1SPKAC\s0 signature and a random challenge -string some guarantee is given that the user knows the private key -corresponding to the public key being certified. This is important in -some applications. Without this it is possible for a previous \s-1SPKAC\s0 -to be used in a \*(L"replay attack\*(R". -.SH "SEE ALSO" -.IX Header "SEE ALSO" -ca(1) diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3 index e3c28bc..8f9f3d0 100644 --- a/secure/lib/libcrypto/man/threads.3 +++ b/secure/lib/libcrypto/man/threads.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:12 2002 +.\" Mon Jan 13 19:29:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "threads 3" -.TH threads 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH threads 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks, @@ -200,7 +200,7 @@ OpenSSL can safely be used in multi-threaded applications provided that at least two callback functions are set. .PP locking_function(int mode, int n, const char *file, int line) is -needed to perform locking on shared data structures. +needed to perform locking on shared data structures. (Note that OpenSSL uses a number of global data structures that will be implicitly shared whenever multiple threads use OpenSSL.) Multi-threaded applications will crash at random if it is not set. diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3 new file mode 100644 index 0000000..3acf313 --- /dev/null +++ b/secure/lib/libcrypto/man/ui.3 @@ -0,0 +1,339 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:35 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ui 3" +.TH ui 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, +UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, +UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, +UI_add_error_string, UI_dup_error_string, UI_construct_prompt +UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, +UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, +UI_set_method, UI_OpenSSL, ERR_load_UI_strings \- New User Interface +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ui.h> +.Ve +.Vb 2 +\& typedef struct ui_st UI; +\& typedef struct ui_method_st UI_METHOD; +.Ve +.Vb 3 +\& UI *UI_new(void); +\& UI *UI_new_method(const UI_METHOD *method); +\& void UI_free(UI *ui); +.Ve +.Vb 18 +\& int UI_add_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_dup_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_add_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, const char *test_buf); +\& int UI_dup_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, const char *test_buf); +\& int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_add_info_string(UI *ui, const char *text); +\& int UI_dup_info_string(UI *ui, const char *text); +\& int UI_add_error_string(UI *ui, const char *text); +\& int UI_dup_error_string(UI *ui, const char *text); +.Ve +.Vb 3 +\& /* These are the possible flags. They can be or'ed together. */ +\& #define UI_INPUT_FLAG_ECHO 0x01 +\& #define UI_INPUT_FLAG_DEFAULT_PWD 0x02 +.Ve +.Vb 2 +\& char *UI_construct_prompt(UI *ui_method, +\& const char *object_desc, const char *object_name); +.Ve +.Vb 2 +\& void *UI_add_user_data(UI *ui, void *user_data); +\& void *UI_get0_user_data(UI *ui); +.Ve +.Vb 1 +\& const char *UI_get0_result(UI *ui, int i); +.Ve +.Vb 1 +\& int UI_process(UI *ui); +.Ve +.Vb 3 +\& int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); +\& #define UI_CTRL_PRINT_ERRORS 1 +\& #define UI_CTRL_IS_REDOABLE 2 +.Ve +.Vb 4 +\& void UI_set_default_method(const UI_METHOD *meth); +\& const UI_METHOD *UI_get_default_method(void); +\& const UI_METHOD *UI_get_method(UI *ui); +\& const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); +.Ve +.Vb 1 +\& UI_METHOD *UI_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to +prompt the user for text-based information. Through user-written methods +(see ui_create(3)), prompting can be done in any way +imaginable, be it plain text prompting, through dialog boxes or from a +cell phone. +.PP +All the functions work through a context of the type \s-1UI\s0. This context +contains all the information needed to prompt correctly as well as a +reference to a \s-1UI_METHOD\s0, which is an ordered vector of functions that +carry out the actual prompting. +.PP +The first thing to do is to create a \s-1UI\s0 with \fIUI_new()\fR or \fIUI_new_method()\fR, +then add information to it with the UI_add or UI_dup functions. Also, +user-defined random data can be passed down to the underlying method +through calls to UI_add_user_data. The default \s-1UI\s0 method doesn't care +about these data, but other methods might. Finally, use \fIUI_process()\fR +to actually perform the prompting and \fIUI_get0_result()\fR to find the result +to the prompt. +.PP +A \s-1UI\s0 can contain more than one prompt, which are performed in the given +sequence. Each prompt gets an index number which is returned by the +UI_add and UI_dup functions, and has to be used to get the corresponding +result with \fIUI_get0_result()\fR. +.PP +The functions are as follows: +.PP +\&\fIUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with +this \s-1UI\s0, it should be freed using \fIUI_free()\fR. +.PP +\&\fIUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with +this \s-1UI\s0, it should be freed using \fIUI_free()\fR. +.PP +\&\fIUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not the default one, +since the default can be changed. See further on). This method is the +most machine/OS dependent part of OpenSSL and normally generates the +most problems when porting. +.PP +\&\fIUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory +that's connected to it, like duplicated input strings, results and others. +.PP +\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI\s0, +as well as flags and a result buffer and the desired minimum and maximum +sizes of the result. The given information is used to prompt for +information, for example a password, and to verify a password (i.e. having +the user enter it twice and check that the same string was entered twice). +\&\fIUI_add_verify_string()\fR takes and extra argument that should be a pointer +to the result buffer of the input string that it's supposed to verify, or +verification will fail. +.PP +\&\fIUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered +in a boolean way, with a single character for yes and a different character +for no. A set of characters that can be used to cancel the prompt is given +as well. The prompt itself is really divided in two, one part being the +descriptive text (given through the \fIprompt\fR argument) and one describing +the possible answers (given through the \fIaction_desc\fR argument). +.PP +\&\fIUI_add_info_string()\fR and \fIUI_add_error_string()\fR add strings that are shown at +the same time as the prompt for extra information or to show an error string. +The difference between the two is only conceptual. With the builtin method, +there's no technical difference between them. Other methods may make a +difference between them, however. +.PP +The flags currently supported are \s-1UI_INPUT_FLAG_ECHO\s0, which is relevant for +\&\fIUI_add_input_string()\fR and will have the users response be echoed (when +prompting for a password, this flag should obviously not be used, and +\&\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0, which means that a default password of some +sort will be used (completely depending on the application and the \s-1UI\s0 +method). +.PP +\&\fIUI_dup_input_string()\fR, \fIUI_dup_verify_string()\fR, \fIUI_dup_input_boolean()\fR, +\&\fIUI_dup_info_string()\fR and \fIUI_dup_error_string()\fR are basically the same +as their UI_add counterparts, except that they make their own copies +of all strings. +.PP +\&\fIUI_construct_prompt()\fR is a helper function that can be used to create +a prompt from two pieces of information: an description and a name. +The default constructor (if there is none provided by the method used) +creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the +description \*(R"pass phrase\*(L" and the file name \*(R"foo.key\*(L", that becomes +\&\*(R"Enter pass phrase for foo.key:". Other methods may create whatever +string and may include encodings that will be processed by the other +method functions. +.PP +\&\fIUI_add_user_data()\fR adds a piece of memory for the method to use at any +time. The builtin \s-1UI\s0 method doesn't care about this info. Note that several +calls to this function doesn't add data, it replaces the previous blob +with the one given as argument. +.PP +\&\fIUI_get0_user_data()\fR retrieves the data that has last been given to the +\&\s-1UI\s0 with \fIUI_add_user_data()\fR. +.PP +\&\fIUI_get0_result()\fR returns a pointer to the result buffer associated with +the information indexed by \fIi\fR. +.PP +\&\fIUI_process()\fR goes through the information given so far, does all the printing +and prompting and returns. +.PP +\&\fIUI_ctrl()\fR adds extra control for the application author. For now, it +understands two commands: \s-1UI_CTRL_PRINT_ERRORS\s0, which makes \fIUI_process()\fR +print the OpenSSL error stack as part of processing the \s-1UI\s0, and +\&\s-1UI_CTRL_IS_REDOABLE\s0, which returns a flag saying if the used \s-1UI\s0 can +be used again or not. +.PP +\&\fIUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. +.PP +\&\fIUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. +.PP +\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI\s0. +.PP +\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ui_create(3), ui_compat(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1UI\s0 section was first introduced in OpenSSL 0.9.7. +.SH "AUTHOR" +.IX Header "AUTHOR" +Richard Levitte (richard@levitte.org) for the OpenSSL project +(http://www.openssl.org). diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3 new file mode 100644 index 0000000..aafe7e4 --- /dev/null +++ b/secure/lib/libcrypto/man/ui_compat.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:36 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ui_compat 3" +.TH ui_compat 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw \- +Compatibility user interface functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& int des_read_password(DES_cblock *key,const char *prompt,int verify); +\& int des_read_2passwords(DES_cblock *key1,DES_cblock *key2, +\& const char *prompt,int verify); +.Ve +.Vb 2 +\& int des_read_pw_string(char *buf,int length,const char *prompt,int verify); +\& int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1DES\s0 library contained a few routines to prompt for passwords. These +aren't necessarely dependent on \s-1DES\s0, and have therefore become part of the +\&\s-1UI\s0 compatibility library. +.PP +\&\fIdes_read_pw()\fR writes the string specified by \fIprompt\fR to standard output +turns echo off and reads an input string from the terminal. The string is +returned in \fIbuf\fR, which must have spac for at least \fIsize\fR bytes. +If \fIverify\fR is set, the user is asked for the password twice and unless +the two copies match, an error is returned. The second password is stored +in \fIbuff\fR, which must therefore also be at least \fIsize\fR bytes. A return +code of \-1 indicates a system error, 1 failure due to use interaction, and +0 is success. All other functions described here use \fIdes_read_pw()\fR to do +the work. +.PP +\&\fIdes_read_pw_string()\fR is a variant of \fIdes_read_pw()\fR that provides a buffer +for you if \fIverify\fR is set. +.PP +\&\fIdes_read_password()\fR calls \fIdes_read_pw()\fR and converts the password to a +\&\s-1DES\s0 key by calling \fIDES_string_to_key()\fR; \fIdes_read_2password()\fR operates in +the same way as \fIdes_read_password()\fR except that it generates two keys +by using the \fIDES_string_to_2key()\fR function. +.SH "NOTES" +.IX Header "NOTES" +\&\fIdes_read_pw_string()\fR is available in the \s-1MIT\s0 Kerberos library as well, and +is also available under the name \fIEVP_read_pw_string()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ui(3), ui_create(3) +.SH "AUTHOR" +.IX Header "AUTHOR" +Richard Levitte (richard@levitte.org) for the OpenSSL project +(http://www.openssl.org). diff --git a/secure/lib/libcrypto/man/verify.1 b/secure/lib/libcrypto/man/verify.1 deleted file mode 100644 index 190105c..0000000 --- a/secure/lib/libcrypto/man/verify.1 +++ /dev/null @@ -1,408 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:59 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "VERIFY 1" -.TH VERIFY 1 "0.9.6e" "2002-01-26" "OpenSSL" -.UC -.SH "NAME" -verify \- Utility to verify certificates. -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBverify\fR -[\fB\-CApath directory\fR] -[\fB\-CAfile file\fR] -[\fB\-purpose purpose\fR] -[\fB\-untrusted file\fR] -[\fB\-help\fR] -[\fB\-issuer_checks\fR] -[\fB\-verbose\fR] -[\fB-\fR] -[certificates] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBverify\fR command verifies certificate chains. -.SH "COMMAND OPTIONS" -.IX Header "COMMAND OPTIONS" -.Ip "\fB\-CApath directory\fR" 4 -.IX Item "-CApath directory" -A directory of trusted certificates. The certificates should have names -of the form: hash.0 or have symbolic links to them of this -form (\*(L"hash\*(R" is the hashed certificate subject name: see the \fB\-hash\fR option -of the \fBx509\fR utility). Under Unix the \fBc_rehash\fR script will automatically -create symbolic links to a directory of certificates. -.Ip "\fB\-CAfile file\fR" 4 -.IX Item "-CAfile file" -A file of trusted certificates. The file should contain multiple certificates -in \s-1PEM\s0 format concatenated together. -.Ip "\fB\-untrusted file\fR" 4 -.IX Item "-untrusted file" -A file of untrusted certificates. The file should contain multiple certificates -.Ip "\fB\-purpose purpose\fR" 4 -.IX Item "-purpose purpose" -the intended use for the certificate. Without this option no chain verification -will be done. Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, -\&\fBnssslserver\fR, \fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY\s0 \s-1OPERATION\s0\fR -section for more information. -.Ip "\fB\-help\fR" 4 -.IX Item "-help" -prints out a usage message. -.Ip "\fB\-verbose\fR" 4 -.IX Item "-verbose" -print extra information about the operations being performed. -.Ip "\fB\-issuer_checks\fR" 4 -.IX Item "-issuer_checks" -print out diagnostics relating to searches for the issuer certificate -of the current certificate. This shows why each candidate issuer -certificate was rejected. However the presence of rejection messages -does not itself imply that anything is wrong: during the normal -verify process several rejections may take place. -.Ip "\fB-\fR" 4 -.IX Item "-" -marks the last option. All arguments following this are assumed to be -certificate files. This is useful if the first certificate filename begins -with a \fB-\fR. -.Ip "\fBcertificates\fR" 4 -.IX Item "certificates" -one or more certificates to verify. If no certificate filenames are included -then an attempt is made to read a certificate from standard input. They should -all be in \s-1PEM\s0 format. -.SH "VERIFY OPERATION" -.IX Header "VERIFY OPERATION" -The \fBverify\fR program uses the same functions as the internal \s-1SSL\s0 and S/MIME -verification, therefore this description applies to these verify operations -too. -.PP -There is one crucial difference between the verify operations performed -by the \fBverify\fR program: wherever possible an attempt is made to continue -after an error whereas normally the verify operation would halt on the -first error. This allows all the problems with a certificate chain to be -determined. -.PP -The verify operation consists of a number of separate steps. -.PP -Firstly a certificate chain is built up starting from the supplied certificate -and ending in the root \s-1CA\s0. It is an error if the whole chain cannot be built -up. The chain is built up by looking up the issuers certificate of the current -certificate. If a certificate is found which is its own issuer it is assumed -to be the root \s-1CA\s0. -.PP -The process of 'looking up the issuers certificate' itself involves a number -of steps. In versions of OpenSSL before 0.9.5a the first certificate whose -subject name matched the issuer of the current certificate was assumed to be -the issuers certificate. In OpenSSL 0.9.6 and later all certificates -whose subject name matches the issuer name of the current certificate are -subject to further tests. The relevant authority key identifier components -of the current certificate (if present) must match the subject key identifier -(if present) and issuer and serial number of the candidate issuer, in addition -the keyUsage extension of the candidate issuer (if present) must permit -certificate signing. -.PP -The lookup first looks in the list of untrusted certificates and if no match -is found the remaining lookups are from the trusted certificates. The root \s-1CA\s0 -is always looked up in the trusted certificate list: if the certificate to -verify is a root certificate then an exact match must be found in the trusted -list. -.PP -The second operation is to check every untrusted certificate's extensions for -consistency with the supplied purpose. If the \fB\-purpose\fR option is not included -then no checks are done. The supplied or \*(L"leaf\*(R" certificate must have extensions -compatible with the supplied purpose and all other certificates must also be valid -\&\s-1CA\s0 certificates. The precise extensions required are described in more detail in -the \fB\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\fR section of the \fBx509\fR utility. -.PP -The third operation is to check the trust settings on the root \s-1CA\s0. The root -\&\s-1CA\s0 should be trusted for the supplied purpose. For compatibility with previous -versions of SSLeay and OpenSSL a certificate with no trust settings is considered -to be valid for all purposes. -.PP -The final operation is to check the validity of the certificate chain. The validity -period is checked against the current system time and the notBefore and notAfter -dates in the certificate. The certificate signatures are also checked at this -point. -.PP -If all operations complete successfully then certificate is considered valid. If -any operation fails then the certificate is not valid. -.SH "DIAGNOSTICS" -.IX Header "DIAGNOSTICS" -When a verify operation fails the output messages can be somewhat cryptic. The -general form of the error message is: -.PP -.Vb 2 -\& server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) -\& error 24 at 1 depth lookup:invalid CA certificate -.Ve -The first line contains the name of the certificate being verified followed by -the subject name of the certificate. The second line contains the error number -and the depth. The depth is number of the certificate being verified when a -problem was detected starting with zero for the certificate being verified itself -then 1 for the \s-1CA\s0 that signed the certificate and so on. Finally a text version -of the error number is presented. -.PP -An exhaustive list of the error codes and messages is shown below, this also -includes the name of the error code as defined in the header file x509_vfy.h -Some of the error codes are defined but never returned: these are described -as \*(L"unused\*(R". -.Ip "\fB0 X509_V_OK: ok\fR" 4 -.IX Item "0 X509_V_OK: ok" -the operation was successful. -.Ip "\fB2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4 -.IX Item "2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate" -the issuer certificate could not be found: this occurs if the issuer certificate -of an untrusted certificate cannot be found. -.Ip "\fB3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate \s-1CRL\s0\fR" 4 -.IX Item "3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL" -the \s-1CRL\s0 of a certificate could not be found. Unused. -.Ip "\fB4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 -.IX Item "4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" -the certificate signature could not be decrypted. This means that the actual signature value -could not be determined rather than it not matching the expected value, this is only -meaningful for \s-1RSA\s0 keys. -.Ip "\fB5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4 -.IX Item "5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature" -the \s-1CRL\s0 signature could not be decrypted: this means that the actual signature value -could not be determined rather than it not matching the expected value. Unused. -.Ip "\fB6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4 -.IX Item "6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key" -the public key in the certificate SubjectPublicKeyInfo could not be read. -.Ip "\fB7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4 -.IX Item "7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure" -the signature of the certificate is invalid. -.Ip "\fB8 X509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 -.IX Item "8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" -the signature of the certificate is invalid. Unused. -.Ip "\fB9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 -.IX Item "9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" -the certificate is not yet valid: the notBefore date is after the current time. -.Ip "\fB10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4 -.IX Item "10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired" -the certificate has expired: that is the notAfter date is before the current time. -.Ip "\fB11 X509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 -.IX Item "11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" -the \s-1CRL\s0 is not yet valid. Unused. -.Ip "\fB12 X509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 -.IX Item "12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" -the \s-1CRL\s0 has expired. Unused. -.Ip "\fB13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 -.IX Item "13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" -the certificate notBefore field contains an invalid time. -.Ip "\fB14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4 -.IX Item "14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field" -the certificate notAfter field contains an invalid time. -.Ip "\fB15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 -.IX Item "15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" -the \s-1CRL\s0 lastUpdate field contains an invalid time. Unused. -.Ip "\fB16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 -.IX Item "16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" -the \s-1CRL\s0 nextUpdate field contains an invalid time. Unused. -.Ip "\fB17 X509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 -.IX Item "17 X509_V_ERR_OUT_OF_MEM: out of memory" -an error occurred trying to allocate memory. This should never happen. -.Ip "\fB18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4 -.IX Item "18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate" -the passed certificate is self signed and the same certificate cannot be found in the list of -trusted certificates. -.Ip "\fB19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4 -.IX Item "19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain" -the certificate chain could be built up using the untrusted certificates but the root could not -be found locally. -.Ip "\fB20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4 -.IX Item "20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate" -the issuer certificate of a locally looked up certificate could not be found. This normally means -the list of trusted certificates is not complete. -.Ip "\fB21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4 -.IX Item "21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate" -no signatures could be verified because the chain contains only one certificate and it is not -self signed. -.Ip "\fB22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4 -.IX Item "22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long" -the certificate chain length is greater than the supplied maximum depth. Unused. -.Ip "\fB23 X509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 -.IX Item "23 X509_V_ERR_CERT_REVOKED: certificate revoked" -the certificate has been revoked. Unused. -.Ip "\fB24 X509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 -.IX Item "24 X509_V_ERR_INVALID_CA: invalid CA certificate" -a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not consistent -with the supplied purpose. -.Ip "\fB25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4 -.IX Item "25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded" -the basicConstraints pathlength parameter has been exceeded. -.Ip "\fB26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4 -.IX Item "26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose" -the supplied certificate cannot be used for the specified purpose. -.Ip "\fB27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4 -.IX Item "27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted" -the root \s-1CA\s0 is not marked as trusted for the specified purpose. -.Ip "\fB28 X509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4 -.IX Item "28 X509_V_ERR_CERT_REJECTED: certificate rejected" -the root \s-1CA\s0 is marked to reject the specified purpose. -.Ip "\fB29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4 -.IX Item "29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch" -the current candidate issuer certificate was rejected because its subject name -did not match the issuer name of the current certificate. Only displayed when -the \fB\-issuer_checks\fR option is set. -.Ip "\fB30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4 -.IX Item "30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch" -the current candidate issuer certificate was rejected because its subject key -identifier was present and did not match the authority key identifier current -certificate. Only displayed when the \fB\-issuer_checks\fR option is set. -.Ip "\fB31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4 -.IX Item "31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch" -the current candidate issuer certificate was rejected because its issuer name -and serial number was present and did not match the authority key identifier -of the current certificate. Only displayed when the \fB\-issuer_checks\fR option is set. -.Ip "\fB32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4 -.IX Item "32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing" -the current candidate issuer certificate was rejected because its keyUsage extension -does not permit certificate signing. -.Ip "\fB50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4 -.IX Item "50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure" -an application specific error. Unused. -.SH "BUGS" -.IX Header "BUGS" -Although the issuer checks are a considerably improvement over the old technique they still -suffer from limitations in the underlying X509_LOOKUP \s-1API\s0. One consequence of this is that -trusted certificates with matching subject name must either appear in a file (as specified by the -\&\fB\-CAfile\fR option) or a directory (as specified by \fB\-CApath\fR. If they occur in both then only -the certificates in the file will be recognised. -.PP -Previous versions of OpenSSL assume certificates with matching subject name are identical and -mishandled them. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -x509(1) diff --git a/secure/lib/libcrypto/man/version.1 b/secure/lib/libcrypto/man/version.1 deleted file mode 100644 index 9d2112d..0000000 --- a/secure/lib/libcrypto/man/version.1 +++ /dev/null @@ -1,180 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:59 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "VERSION 1" -.TH VERSION 1 "0.9.6e" "2000-04-13" "OpenSSL" -.UC -.SH "NAME" -version \- print OpenSSL version information -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl version\fR -[\fB\-a\fR] -[\fB\-v\fR] -[\fB\-b\fR] -[\fB\-o\fR] -[\fB\-f\fR] -[\fB\-p\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -This command is used to print out version information about OpenSSL. -.SH "OPTIONS" -.IX Header "OPTIONS" -.Ip "\fB\-a\fR" 4 -.IX Item "-a" -all information, this is the same as setting all the other flags. -.Ip "\fB\-v\fR" 4 -.IX Item "-v" -the current OpenSSL version. -.Ip "\fB\-b\fR" 4 -.IX Item "-b" -the date the current version of OpenSSL was built. -.Ip "\fB\-o\fR" 4 -.IX Item "-o" -option information: various options set when the library was built. -.Ip "\fB\-c\fR" 4 -.IX Item "-c" -compilation flags. -.Ip "\fB\-p\fR" 4 -.IX Item "-p" -platform setting. -.SH "NOTES" -.IX Header "NOTES" -The output of \fBopenssl version \-a\fR would typically be used when sending -in a bug report. diff --git a/secure/lib/libcrypto/man/x509.1 b/secure/lib/libcrypto/man/x509.1 deleted file mode 100644 index 4b76ee1..0000000 --- a/secure/lib/libcrypto/man/x509.1 +++ /dev/null @@ -1,748 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:00 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "X509 1" -.TH X509 1 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -x509 \- Certificate display and signing utility -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -\&\fBopenssl\fR \fBx509\fR -[\fB\-inform DER|PEM|NET\fR] -[\fB\-outform DER|PEM|NET\fR] -[\fB\-keyform DER|PEM\fR] -[\fB\-CAform DER|PEM\fR] -[\fB\-CAkeyform DER|PEM\fR] -[\fB\-in filename\fR] -[\fB\-out filename\fR] -[\fB\-serial\fR] -[\fB\-hash\fR] -[\fB\-subject\fR] -[\fB\-issuer\fR] -[\fB\-nameopt option\fR] -[\fB\-email\fR] -[\fB\-startdate\fR] -[\fB\-enddate\fR] -[\fB\-purpose\fR] -[\fB\-dates\fR] -[\fB\-modulus\fR] -[\fB\-fingerprint\fR] -[\fB\-alias\fR] -[\fB\-noout\fR] -[\fB\-trustout\fR] -[\fB\-clrtrust\fR] -[\fB\-clrreject\fR] -[\fB\-addtrust arg\fR] -[\fB\-addreject arg\fR] -[\fB\-setalias arg\fR] -[\fB\-days arg\fR] -[\fB\-signkey filename\fR] -[\fB\-x509toreq\fR] -[\fB\-req\fR] -[\fB\-CA filename\fR] -[\fB\-CAkey filename\fR] -[\fB\-CAcreateserial\fR] -[\fB\-CAserial filename\fR] -[\fB\-text\fR] -[\fB\-C\fR] -[\fB\-md2|\-md5|\-sha1|\-mdc2\fR] -[\fB\-clrext\fR] -[\fB\-extfile filename\fR] -[\fB\-extensions section\fR] -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The \fBx509\fR command is a multi purpose certificate utility. It can be -used to display certificate information, convert certificates to -various forms, sign certificate requests like a \*(L"mini \s-1CA\s0\*(R" or edit -certificate trust settings. -.PP -Since there are a large number of options they will split up into -various sections. -.SH "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS" -.IX Header "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS" -.Ip "\fB\-inform DER|PEM|NET\fR" 4 -.IX Item "-inform DER|PEM|NET" -This specifies the input format normally the command will expect an X509 -certificate but this can change if other options such as \fB\-req\fR are -present. The \s-1DER\s0 format is the \s-1DER\s0 encoding of the certificate and \s-1PEM\s0 -is the base64 encoding of the \s-1DER\s0 encoding with header and footer lines -added. The \s-1NET\s0 option is an obscure Netscape server format that is now -obsolete. -.Ip "\fB\-outform DER|PEM|NET\fR" 4 -.IX Item "-outform DER|PEM|NET" -This specifies the output format, the options have the same meaning as the -\&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 -.IX Item "-in filename" -This specifies the input filename to read a certificate from or standard input -if this option is not specified. -.Ip "\fB\-out filename\fR" 4 -.IX Item "-out filename" -This specifies the output filename to write to or standard output by -default. -.Ip "\fB\-md2|\-md5|\-sha1|\-mdc2\fR" 4 -.IX Item "-md2|-md5|-sha1|-mdc2" -the digest to use. This affects any signing or display option that uses a message -digest, such as the \fB\-fingerprint\fR, \fB\-signkey\fR and \fB\-CA\fR options. If not -specified then \s-1MD5\s0 is used. If the key being used to sign with is a \s-1DSA\s0 key then -this option has no effect: \s-1SHA1\s0 is always used with \s-1DSA\s0 keys. -.SH "DISPLAY OPTIONS" -.IX Header "DISPLAY OPTIONS" -Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options -but are described in the \fB\s-1TRUST\s0 \s-1OPTIONS\s0\fR section. -.Ip "\fB\-text\fR" 4 -.IX Item "-text" -prints out the certificate in text form. Full details are output including the -public key, signature algorithms, issuer and subject names, serial number -any extensions present and any trust settings. -.Ip "\fB\-noout\fR" 4 -.IX Item "-noout" -this option prevents output of the encoded version of the request. -.Ip "\fB\-modulus\fR" 4 -.IX Item "-modulus" -this option prints out the value of the modulus of the public key -contained in the certificate. -.Ip "\fB\-serial\fR" 4 -.IX Item "-serial" -outputs the certificate serial number. -.Ip "\fB\-hash\fR" 4 -.IX Item "-hash" -outputs the \*(L"hash\*(R" of the certificate subject name. This is used in OpenSSL to -form an index to allow certificates in a directory to be looked up by subject -name. -.Ip "\fB\-subject\fR" 4 -.IX Item "-subject" -outputs the subject name. -.Ip "\fB\-issuer\fR" 4 -.IX Item "-issuer" -outputs the issuer name. -.Ip "\fB\-nameopt option\fR" 4 -.IX Item "-nameopt option" -option which determine how the subject or issuer names are displayed. This -option may be used more than once to set multiple options. See the \fB\s-1NAME\s0 -\&\s-1OPTIONS\s0\fR section for more information. -.Ip "\fB\-email\fR" 4 -.IX Item "-email" -outputs the email address(es) if any. -.Ip "\fB\-startdate\fR" 4 -.IX Item "-startdate" -prints out the start date of the certificate, that is the notBefore date. -.Ip "\fB\-enddate\fR" 4 -.IX Item "-enddate" -prints out the expiry date of the certificate, that is the notAfter date. -.Ip "\fB\-dates\fR" 4 -.IX Item "-dates" -prints out the start and expiry dates of a certificate. -.Ip "\fB\-fingerprint\fR" 4 -.IX Item "-fingerprint" -prints out the digest of the \s-1DER\s0 encoded version of the whole certificate. -.Ip "\fB\-C\fR" 4 -.IX Item "-C" -this outputs the certificate in the form of a C source file. -.SH "TRUST SETTINGS" -.IX Header "TRUST SETTINGS" -Please note these options are currently experimental and may well change. -.PP -A \fBtrusted certificate\fR is an ordinary certificate which has several -additional pieces of information attached to it such as the permitted -and prohibited uses of the certificate and an \*(L"alias\*(R". -.PP -Normally when a certificate is being verified at least one certificate -must be \*(L"trusted\*(R". By default a trusted certificate must be stored -locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0 -is then usable for any purpose. -.PP -Trust settings currently are only used with a root \s-1CA\s0. They allow a finer -control over the purposes the root \s-1CA\s0 can be used for. For example a \s-1CA\s0 -may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use. -.PP -See the description of the \fBverify\fR utility for more information on the -meaning of trust settings. -.PP -Future versions of OpenSSL will recognize trust settings on any -certificate: not just root CAs. -.Ip "\fB\-trustout\fR" 4 -.IX Item "-trustout" -this causes \fBx509\fR to output a \fBtrusted\fR certificate. An ordinary -or trusted certificate can be input but by default an ordinary -certificate is output and any trust settings are discarded. With the -\&\fB\-trustout\fR option a trusted certificate is output. A trusted -certificate is automatically output if any trust settings are modified. -.Ip "\fB\-setalias arg\fR" 4 -.IX Item "-setalias arg" -sets the alias of the certificate. This will allow the certificate -to be referred to using a nickname for example \*(L"Steve's Certificate\*(R". -.Ip "\fB\-alias\fR" 4 -.IX Item "-alias" -outputs the certificate alias, if any. -.Ip "\fB\-clrtrust\fR" 4 -.IX Item "-clrtrust" -clears all the permitted or trusted uses of the certificate. -.Ip "\fB\-clrreject\fR" 4 -.IX Item "-clrreject" -clears all the prohibited or rejected uses of the certificate. -.Ip "\fB\-addtrust arg\fR" 4 -.IX Item "-addtrust arg" -adds a trusted certificate use. Any object name can be used here -but currently only \fBclientAuth\fR (\s-1SSL\s0 client use), \fBserverAuth\fR -(\s-1SSL\s0 server use) and \fBemailProtection\fR (S/MIME email) are used. -Other OpenSSL applications may define additional uses. -.Ip "\fB\-addreject arg\fR" 4 -.IX Item "-addreject arg" -adds a prohibited use. It accepts the same values as the \fB\-addtrust\fR -option. -.Ip "\fB\-purpose\fR" 4 -.IX Item "-purpose" -this option performs tests on the certificate extensions and outputs -the results. For a more complete description see the \fB\s-1CERTIFICATE\s0 -\&\s-1EXTENSIONS\s0\fR section. -.SH "SIGNING OPTIONS" -.IX Header "SIGNING OPTIONS" -The \fBx509\fR utility can be used to sign certificates and requests: it -can thus behave like a \*(L"mini \s-1CA\s0\*(R". -.Ip "\fB\-signkey filename\fR" 4 -.IX Item "-signkey filename" -this option causes the input file to be self signed using the supplied -private key. -.Sp -If the input file is a certificate it sets the issuer name to the -subject name (i.e. makes it self signed) changes the public key to the -supplied value and changes the start and end dates. The start date is -set to the current time and the end date is set to a value determined -by the \fB\-days\fR option. Any certificate extensions are retained unless -the \fB\-clrext\fR option is supplied. -.Sp -If the input is a certificate request then a self signed certificate -is created using the supplied private key using the subject name in -the request. -.Ip "\fB\-clrext\fR" 4 -.IX Item "-clrext" -delete any extensions from a certificate. This option is used when a -certificate is being created from another certificate (for example with -the \fB\-signkey\fR or the \fB\-CA\fR options). Normally all extensions are -retained. -.Ip "\fB\-keyform PEM|DER\fR" 4 -.IX Item "-keyform PEM|DER" -specifies the format (\s-1DER\s0 or \s-1PEM\s0) of the private key file used in the -\&\fB\-signkey\fR option. -.Ip "\fB\-days arg\fR" 4 -.IX Item "-days arg" -specifies the number of days to make a certificate valid for. The default -is 30 days. -.Ip "\fB\-x509toreq\fR" 4 -.IX Item "-x509toreq" -converts a certificate into a certificate request. The \fB\-signkey\fR option -is used to pass the required private key. -.Ip "\fB\-req\fR" 4 -.IX Item "-req" -by default a certificate is expected on input. With this option a -certificate request is expected instead. -.Ip "\fB\-CA filename\fR" 4 -.IX Item "-CA filename" -specifies the \s-1CA\s0 certificate to be used for signing. When this option is -present \fBx509\fR behaves like a \*(L"mini \s-1CA\s0\*(R". The input file is signed by this -\&\s-1CA\s0 using this option: that is its issuer name is set to the subject name -of the \s-1CA\s0 and it is digitally signed using the CAs private key. -.Sp -This option is normally combined with the \fB\-req\fR option. Without the -\&\fB\-req\fR option the input is a certificate which must be self signed. -.Ip "\fB\-CAkey filename\fR" 4 -.IX Item "-CAkey filename" -sets the \s-1CA\s0 private key to sign a certificate with. If this option is -not specified then it is assumed that the \s-1CA\s0 private key is present in -the \s-1CA\s0 certificate file. -.Ip "\fB\-CAserial filename\fR" 4 -.IX Item "-CAserial filename" -sets the \s-1CA\s0 serial number file to use. -.Sp -When the \fB\-CA\fR option is used to sign a certificate it uses a serial -number specified in a file. This file consist of one line containing -an even number of hex digits with the serial number to use. After each -use the serial number is incremented and written out to the file again. -.Sp -The default filename consists of the \s-1CA\s0 certificate file base name with -\&\*(L".srl\*(R" appended. For example if the \s-1CA\s0 certificate file is called -\&\*(L"mycacert.pem\*(R" it expects to find a serial number file called \*(L"mycacert.srl\*(R". -.Ip "\fB\-CAcreateserial filename\fR" 4 -.IX Item "-CAcreateserial filename" -with this option the \s-1CA\s0 serial number file is created if it does not exist: -it will contain the serial number \*(L"02\*(R" and the certificate being signed will -have the 1 as its serial number. Normally if the \fB\-CA\fR option is specified -and the serial number file does not exist it is an error. -.Ip "\fB\-extfile filename\fR" 4 -.IX Item "-extfile filename" -file containing certificate extensions to use. If not specified then -no extensions are added to the certificate. -.Ip "\fB\-extensions section\fR" 4 -.IX Item "-extensions section" -the section to add certificate extensions from. If this option is not -specified then the extensions should either be contained in the unnamed -(default) section or the default section should contain a variable called -\&\*(L"extensions\*(R" which contains the section to use. -.SH "NAME OPTIONS" -.IX Header "NAME OPTIONS" -The \fBnameopt\fR command line switch determines how the subject and issuer -names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R" -format is used which is compatible with previous versions of OpenSSL. -Each option is described in detail below, all options can be preceded by -a \fB-\fR to turn the option off. Only the first four will normally be used. -.Ip "\fBcompat\fR" 4 -.IX Item "compat" -use the old format. This is equivalent to specifying no name options at all. -.Ip "\fB\s-1RFC2253\s0\fR" 4 -.IX Item "RFC2253" -displays names compatible with \s-1RFC2253\s0 equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR, -\&\fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR, \fBdump_unknown\fR, \fBdump_der\fR, -\&\fBsep_comma_plus\fR, \fBdn_rev\fR and \fBsname\fR. -.Ip "\fBoneline\fR" 4 -.IX Item "oneline" -a oneline format which is more readable than \s-1RFC2253\s0. It is equivalent to -specifying the \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR, -\&\fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_spc\fR, \fBspc_eq\fR and \fBsname\fR -options. -.Ip "\fBmultiline\fR" 4 -.IX Item "multiline" -a multiline format. It is equivalent \fBesc_ctrl\fR, \fBesc_msb\fR, \fBsep_multiline\fR, -\&\fBspc_eq\fR and \fBlname\fR. -.Ip "\fBesc_2253\fR" 4 -.IX Item "esc_2253" -escape the \*(L"special\*(R" characters required by \s-1RFC2253\s0 in a field That is -\&\fB,+"<>;\fR. Additionally \fB#\fR is escaped at the beginnging of a string -and a space character at the beginning or end of a string. -.Ip "\fBesc_ctrl\fR" 4 -.IX Item "esc_ctrl" -escape control characters. That is those with \s-1ASCII\s0 values less than -0x20 (space) and the delete (0x7f) character. They are escaped using the -\&\s-1RFC2253\s0 \eXX notation (where \s-1XX\s0 are two hex digits representing the -character value). -.Ip "\fBesc_msb\fR" 4 -.IX Item "esc_msb" -escape characters with the \s-1MSB\s0 set, that is with \s-1ASCII\s0 values larger than -127. -.Ip "\fBuse_quote\fR" 4 -.IX Item "use_quote" -escapes some characters by surrounding the whole string with \fB"\fR characters, -without the option all escaping is done with the \fB\e\fR character. -.Ip "\fButf8\fR" 4 -.IX Item "utf8" -convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253\s0. If -you are lucky enough to have a \s-1UTF8\s0 compatible terminal then the use -of this option (and \fBnot\fR setting \fBesc_msb\fR) may result in the correct -display of multibyte (international) characters. Is this option is not -present then multibyte characters larger than 0xff will be represented -using the format \eUXXXX for 16 bits and \eWXXXXXXXX for 32 bits. -Also if this option is off any UTF8Strings will be converted to their -character form first. -.Ip "\fBno_type\fR" 4 -.IX Item "no_type" -this option does not attempt to interpret multibyte characters in any -way. That is their content octets are merely dumped as though one octet -represents each character. This is useful for diagnostic purposes but -will result in rather odd looking output. -.Ip "\fBshow_type\fR" 4 -.IX Item "show_type" -show the type of the \s-1ASN1\s0 character string. The type precedes the -field contents. For example \*(L"\s-1BMPSTRING:\s0 Hello World\*(R". -.Ip "\fBdump_der\fR" 4 -.IX Item "dump_der" -when this option is set any fields that need to be hexdumped will -be dumped using the \s-1DER\s0 encoding of the field. Otherwise just the -content octets will be displayed. Both options use the \s-1RFC2253\s0 -\&\fB#XXXX...\fR format. -.Ip "\fBdump_nostr\fR" 4 -.IX Item "dump_nostr" -dump non character string types (for example \s-1OCTET\s0 \s-1STRING\s0) if this -option is not set then non character string types will be displayed -as though each content octet repesents a single character. -.Ip "\fBdump_all\fR" 4 -.IX Item "dump_all" -dump all fields. This option when used with \fBdump_der\fR allows the -\&\s-1DER\s0 encoding of the structure to be unambiguously determined. -.Ip "\fBdump_unknown\fR" 4 -.IX Item "dump_unknown" -dump any field whose \s-1OID\s0 is not recognised by OpenSSL. -.Ip "\fBsep_comma_plus\fR, \fBsep_comma_plus_space\fR, \fBsep_semi_plus_space\fR, \fBsep_multiline\fR" 4 -.IX Item "sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, sep_multiline" -these options determine the field separators. The first character is -between RDNs and the second between multiple AVAs (multiple AVAs are -very rare and their use is discouraged). The options ending in -\&\*(L"space\*(R" additionally place a space after the separator to make it -more readable. The \fBsep_multiline\fR uses a linefeed character for -the \s-1RDN\s0 separator and a spaced \fB+\fR for the \s-1AVA\s0 separator. It also -indents the fields by four characters. -.Ip "\fBdn_rev\fR" 4 -.IX Item "dn_rev" -reverse the fields of the \s-1DN\s0. This is required by \s-1RFC2253\s0. As a side -effect this also reverses the order of multiple AVAs but this is -permissible. -.Ip "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4 -.IX Item "nofname, sname, lname, oid" -these options alter how the field name is displayed. \fBnofname\fR does -not display the field at all. \fBsname\fR uses the \*(L"short name\*(R" form -(\s-1CN\s0 for commonName for example). \fBlname\fR uses the long form. -\&\fBoid\fR represents the \s-1OID\s0 in numerical form and is useful for -diagnostic purpose. -.Ip "\fBspc_eq\fR" 4 -.IX Item "spc_eq" -places spaces round the \fB=\fR character which follows the field -name. -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Note: in these examples the '\e' means the example should be all on one -line. -.PP -Display the contents of a certificate: -.PP -.Vb 1 -\& openssl x509 -in cert.pem -noout -text -.Ve -Display the certificate serial number: -.PP -.Vb 1 -\& openssl x509 -in cert.pem -noout -serial -.Ve -Display the certificate subject name: -.PP -.Vb 1 -\& openssl x509 -in cert.pem -noout -subject -.Ve -Display the certificate subject name in \s-1RFC2253\s0 form: -.PP -.Vb 1 -\& openssl x509 -in cert.pem -noout -subject -nameopt RFC2253 -.Ve -Display the certificate subject name in oneline form on a terminal -supporting \s-1UTF8:\s0 -.PP -.Vb 1 -\& openssl x509 -in cert.pem -noout -subject -nameopt oneline -nameopt -escmsb -.Ve -Display the certificate \s-1MD5\s0 fingerprint: -.PP -.Vb 1 -\& openssl x509 -in cert.pem -noout -fingerprint -.Ve -Display the certificate \s-1SHA1\s0 fingerprint: -.PP -.Vb 1 -\& openssl x509 -sha1 -in cert.pem -noout -fingerprint -.Ve -Convert a certificate from \s-1PEM\s0 to \s-1DER\s0 format: -.PP -.Vb 1 -\& openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER -.Ve -Convert a certificate to a certificate request: -.PP -.Vb 1 -\& openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem -.Ve -Convert a certificate request into a self signed certificate using -extensions for a \s-1CA:\s0 -.PP -.Vb 2 -\& openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \e -\& -signkey key.pem -out cacert.pem -.Ve -Sign a certificate request using the \s-1CA\s0 certificate above and add user -certificate extensions: -.PP -.Vb 2 -\& openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \e -\& -CA cacert.pem -CAkey key.pem -CAcreateserial -.Ve -Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to -\&\*(L"Steve's Class 1 \s-1CA\s0\*(R" -.PP -.Vb 2 -\& openssl x509 -in cert.pem -addtrust sslclient \e -\& -alias "Steve's Class 1 CA" -out trust.pem -.Ve -.SH "NOTES" -.IX Header "NOTES" -The \s-1PEM\s0 format uses the header and footer lines: -.PP -.Vb 2 -\& -----BEGIN CERTIFICATE---- -\& -----END CERTIFICATE---- -.Ve -it will also handle files containing: -.PP -.Vb 2 -\& -----BEGIN X509 CERTIFICATE---- -\& -----END X509 CERTIFICATE---- -.Ve -Trusted certificates have the lines -.PP -.Vb 2 -\& -----BEGIN TRUSTED CERTIFICATE---- -\& -----END TRUSTED CERTIFICATE---- -.Ve -The conversion to \s-1UTF8\s0 format used with the name options assumes that -T61Strings use the \s-1ISO8859\-1\s0 character set. This is wrong but Netscape -and \s-1MSIE\s0 do this as do many certificates. So although this is incorrect -it is more likely to display the majority of certificates correctly. -.PP -The \fB\-fingerprint\fR option takes the digest of the \s-1DER\s0 encoded certificate. -This is commonly called a \*(L"fingerprint\*(R". Because of the nature of message -digests the fingerprint of a certificate is unique to that certificate and -two certificates with the same fingerprint can be considered to be the same. -.PP -The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1\s0. -.PP -The \fB\-email\fR option searches the subject name and the subject alternative -name extension. Only unique email addresses will be printed out: it will -not print the same address more than once. -.SH "CERTIFICATE EXTENSIONS" -.IX Header "CERTIFICATE EXTENSIONS" -The \fB\-purpose\fR option checks the certificate extensions and determines -what the certificate can be used for. The actual checks done are rather -complex and include various hacks and workarounds to handle broken -certificates and software. -.PP -The same code is used when verifying untrusted certificates in chains -so this section is useful if a chain is rejected by the verify code. -.PP -The basicConstraints extension \s-1CA\s0 flag is used to determine whether the -certificate can be used as a \s-1CA\s0. If the \s-1CA\s0 flag is true then it is a \s-1CA\s0, -if the \s-1CA\s0 flag is false then it is not a \s-1CA\s0. \fBAll\fR CAs should have the -\&\s-1CA\s0 flag set to true. -.PP -If the basicConstraints extension is absent then the certificate is -considered to be a \*(L"possible \s-1CA\s0\*(R" other extensions are checked according -to the intended use of the certificate. A warning is given in this case -because the certificate should really not be regarded as a \s-1CA:\s0 however -it is allowed to be a \s-1CA\s0 to work around some broken software. -.PP -If the certificate is a V1 certificate (and thus has no extensions) and -it is self signed it is also assumed to be a \s-1CA\s0 but a warning is again -given: this is to work around the problem of Verisign roots which are V1 -self signed certificates. -.PP -If the keyUsage extension is present then additional restraints are -made on the uses of the certificate. A \s-1CA\s0 certificate \fBmust\fR have the -keyCertSign bit set if the keyUsage extension is present. -.PP -The extended key usage extension places additional restrictions on the -certificate uses. If this extension is present (whether critical or not) -the key can only be used for the purposes specified. -.PP -A complete description of each test is given below. The comments about -basicConstraints and keyUsage and V1 certificates above apply to \fBall\fR -\&\s-1CA\s0 certificates. -.Ip "\fB\s-1SSL\s0 Client\fR" 4 -.IX Item "SSL Client" -The extended key usage extension must be absent or include the \*(L"web client -authentication\*(R" \s-1OID\s0. keyUsage must be absent or it must have the -digitalSignature bit set. Netscape certificate type must be absent or it must -have the \s-1SSL\s0 client bit set. -.Ip "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4 -.IX Item "SSL Client CA" -The extended key usage extension must be absent or include the \*(L"web client -authentication\*(R" \s-1OID\s0. Netscape certificate type must be absent or it must have -the \s-1SSL\s0 \s-1CA\s0 bit set: this is used as a work around if the basicConstraints -extension is absent. -.Ip "\fB\s-1SSL\s0 Server\fR" 4 -.IX Item "SSL Server" -The extended key usage extension must be absent or include the \*(L"web server -authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. keyUsage must be absent or it -must have the digitalSignature, the keyEncipherment set or both bits set. -Netscape certificate type must be absent or have the \s-1SSL\s0 server bit set. -.Ip "\fB\s-1SSL\s0 Server \s-1CA\s0\fR" 4 -.IX Item "SSL Server CA" -The extended key usage extension must be absent or include the \*(L"web server -authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. Netscape certificate type must -be absent or the \s-1SSL\s0 \s-1CA\s0 bit must be set: this is used as a work around if the -basicConstraints extension is absent. -.Ip "\fBNetscape \s-1SSL\s0 Server\fR" 4 -.IX Item "Netscape SSL Server" -For Netscape \s-1SSL\s0 clients to connect to an \s-1SSL\s0 server it must have the -keyEncipherment bit set if the keyUsage extension is present. This isn't -always valid because some cipher suites use the key for digital signing. -Otherwise it is the same as a normal \s-1SSL\s0 server. -.Ip "\fBCommon S/MIME Client Tests\fR" 4 -.IX Item "Common S/MIME Client Tests" -The extended key usage extension must be absent or include the \*(L"email -protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or should have the -S/MIME bit set. If the S/MIME bit is not set in netscape certificate type -then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown: -this is because some Verisign certificates don't set the S/MIME bit. -.Ip "\fBS/MIME Signing\fR" 4 -.IX Item "S/MIME Signing" -In addition to the common S/MIME client tests the digitalSignature bit must -be set if the keyUsage extension is present. -.Ip "\fBS/MIME Encryption\fR" 4 -.IX Item "S/MIME Encryption" -In addition to the common S/MIME tests the keyEncipherment bit must be set -if the keyUsage extension is present. -.Ip "\fBS/MIME \s-1CA\s0\fR" 4 -.IX Item "S/MIME CA" -The extended key usage extension must be absent or include the \*(L"email -protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or must have the -S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints -extension is absent. -.Ip "\fB\s-1CRL\s0 Signing\fR" 4 -.IX Item "CRL Signing" -The keyUsage extension must be absent or it must have the \s-1CRL\s0 signing bit -set. -.Ip "\fB\s-1CRL\s0 Signing \s-1CA\s0\fR" 4 -.IX Item "CRL Signing CA" -The normal \s-1CA\s0 tests apply. Except in this case the basicConstraints extension -must be present. -.SH "BUGS" -.IX Header "BUGS" -Extensions in certificates are not transferred to certificate requests and -vice versa. -.PP -It is possible to produce invalid certificates or requests by specifying the -wrong private key or using inconsistent options in some cases: these should -be checked. -.PP -There should be options to explicitly set such things as start and end -dates rather than an offset from the current time. -.PP -The code to implement the verify behaviour described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR -is currently being developed. It thus describes the intended behaviour rather -than the current behaviour. It is hoped that it will represent reality in -OpenSSL 0.9.5 and later. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -req(1), ca(1), genrsa(1), -gendsa(1), verify(1) diff --git a/secure/lib/libcrypto/opensslconf-alpha.h b/secure/lib/libcrypto/opensslconf-alpha.h index bcbfc08..53f7352 100644 --- a/secure/lib/libcrypto/opensslconf-alpha.h +++ b/secure/lib/libcrypto/opensslconf-alpha.h @@ -64,7 +64,7 @@ #endif #endif -#if defined(HEADER_DES_H) && !defined(DES_LONG) +#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/secure/lib/libcrypto/opensslconf-amd64.h b/secure/lib/libcrypto/opensslconf-amd64.h index bcbfc08..53f7352 100644 --- a/secure/lib/libcrypto/opensslconf-amd64.h +++ b/secure/lib/libcrypto/opensslconf-amd64.h @@ -64,7 +64,7 @@ #endif #endif -#if defined(HEADER_DES_H) && !defined(DES_LONG) +#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/secure/lib/libcrypto/opensslconf-i386.h b/secure/lib/libcrypto/opensslconf-i386.h index fc3cf04..48a1e03 100644 --- a/secure/lib/libcrypto/opensslconf-i386.h +++ b/secure/lib/libcrypto/opensslconf-i386.h @@ -64,7 +64,7 @@ #endif #endif -#if defined(HEADER_DES_H) && !defined(DES_LONG) +#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/secure/lib/libcrypto/opensslconf-ia64.h b/secure/lib/libcrypto/opensslconf-ia64.h index bcbfc08..53f7352 100644 --- a/secure/lib/libcrypto/opensslconf-ia64.h +++ b/secure/lib/libcrypto/opensslconf-ia64.h @@ -64,7 +64,7 @@ #endif #endif -#if defined(HEADER_DES_H) && !defined(DES_LONG) +#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/secure/lib/libcrypto/opensslconf-powerpc.h b/secure/lib/libcrypto/opensslconf-powerpc.h index fc3cf04..48a1e03 100644 --- a/secure/lib/libcrypto/opensslconf-powerpc.h +++ b/secure/lib/libcrypto/opensslconf-powerpc.h @@ -64,7 +64,7 @@ #endif #endif -#if defined(HEADER_DES_H) && !defined(DES_LONG) +#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/secure/lib/libcrypto/opensslconf-sparc64.h b/secure/lib/libcrypto/opensslconf-sparc64.h index bcbfc08..53f7352 100644 --- a/secure/lib/libcrypto/opensslconf-sparc64.h +++ b/secure/lib/libcrypto/opensslconf-sparc64.h @@ -64,7 +64,7 @@ #endif #endif -#if defined(HEADER_DES_H) && !defined(DES_LONG) +#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile index 22050fb..a75ad79 100644 --- a/secure/lib/libssl/Makefile +++ b/secure/lib/libssl/Makefile @@ -1,23 +1,54 @@ # $FreeBSD$ LIB= ssl -SHLIB_MAJOR= 2 +SHLIB_MAJOR= 3 NOLINT= true +.include "../libcrypto/Makefile.inc" + SRCS= bio_ssl.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \ s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c \ s3_both.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \ s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \ ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \ - ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_srvr.o \ + ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_srvr.c -INCS= ssl.h ssl2.h ssl23.h ssl3.h tls1.h -INCSDIR=${INCLUDEDIR}/openssl -HDRS= ${INCS:S;^;../ssl/;} +MAN3= SSL_CIPHER_get_name.3 SSL_COMP_add_compression_method.3 \ + SSL_CTX_add_extra_chain_cert.3 SSL_CTX_add_session.3 SSL_CTX_ctrl.3 \ + SSL_CTX_flush_sessions.3 SSL_CTX_free.3 SSL_CTX_get_ex_new_index.3 \ + SSL_CTX_get_verify_mode.3 SSL_CTX_load_verify_locations.3 \ + SSL_CTX_new.3 SSL_CTX_sess_number.3 SSL_CTX_sess_set_cache_size.3 \ + SSL_CTX_sess_set_get_cb.3 SSL_CTX_sessions.3 SSL_CTX_set_cert_store.3 \ + SSL_CTX_set_cert_verify_callback.3 SSL_CTX_set_cipher_list.3 \ + SSL_CTX_set_client_CA_list.3 SSL_CTX_set_client_cert_cb.3 \ + SSL_CTX_set_default_passwd_cb.3 SSL_CTX_set_generate_session_id.3 \ + SSL_CTX_set_info_callback.3 SSL_CTX_set_max_cert_list.3 \ + SSL_CTX_set_mode.3 SSL_CTX_set_msg_callback.3 SSL_CTX_set_options.3 \ + SSL_CTX_set_quiet_shutdown.3 SSL_CTX_set_session_cache_mode.3 \ + SSL_CTX_set_session_id_context.3 SSL_CTX_set_ssl_version.3 \ + SSL_CTX_set_timeout.3 SSL_CTX_set_tmp_dh_callback.3 \ + SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_set_verify.3 \ + SSL_CTX_use_certificate.3 SSL_SESSION_free.3 \ + SSL_SESSION_get_ex_new_index.3 SSL_SESSION_get_time.3 SSL_accept.3 \ + SSL_alert_type_string.3 SSL_clear.3 SSL_connect.3 SSL_do_handshake.3 \ + SSL_free.3 SSL_get_SSL_CTX.3 SSL_get_ciphers.3 \ + SSL_get_client_CA_list.3 SSL_get_current_cipher.3 \ + SSL_get_default_timeout.3 SSL_get_error.3 \ + SSL_get_ex_data_X509_STORE_CTX_idx.3 SSL_get_ex_new_index.3 \ + SSL_get_fd.3 SSL_get_peer_cert_chain.3 SSL_get_peer_certificate.3 \ + SSL_get_rbio.3 SSL_get_session.3 SSL_get_verify_result.3 \ + SSL_get_version.3 SSL_library_init.3 SSL_load_client_CA_file.3 \ + SSL_new.3 SSL_pending.3 SSL_read.3 SSL_rstate_string.3 \ + SSL_session_reused.3 SSL_set_bio.3 SSL_set_connect_state.3 \ + SSL_set_fd.3 SSL_set_session.3 SSL_set_shutdown.3 \ + SSL_set_verify_result.3 SSL_shutdown.3 SSL_state_string.3 \ + SSL_want.3 SSL_write.3 d2i_SSL_SESSION.3 ssl.3 -.include "../libcrypto/Makefile.inc" - -.PATH: ${LCRYPTO_SRC}/../ssl +INCS= kssl.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h +INCSDIR=${INCLUDEDIR}/openssl .include <bsd.lib.mk> + +.PATH: ${LCRYPTO_SRC}/ssl \ + ${.CURDIR}/man diff --git a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 index 2f25fb8..a8b1303 100644 --- a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 +++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:12 2002 +.\" Mon Jan 13 19:34:25 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_CIPHER_get_name 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties diff --git a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 index df9c0a0..a71b9a8 100644 --- a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:13 2002 +.\" Mon Jan 13 19:34:26 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_COMP_add_compression_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 index 6fe189f..b50d3db 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:14 2002 +.\" Mon Jan 13 19:34:27 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_add_extra_chain_cert 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_add_extra_chain_cert \- add certificate to chain diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3 index 8e2bea2..8e36ab4 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_session.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:14 2002 +.\" Mon Jan 13 19:34:28 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_CTX_add_session 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache @@ -176,6 +176,14 @@ stored in a different \s-1SSL_SESSION\s0 object, The old session is removed and replaced by the new session. If the session is actually identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR is a no-op, and the return value is 0. +.PP +If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 +flag then the internal cache will not be populated automatically by new +sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal +cache will be searched automatically for session-resume requests (the +latter can be surpressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the +application can use \fISSL_CTX_add_session()\fR directly to have full control +over the sessions that can be resumed if desired. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following values are returned by all functions: diff --git a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3 index 58fb374..0a4099c 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 +++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:15 2002 +.\" Mon Jan 13 19:34:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_ctrl 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects @@ -148,11 +148,11 @@ SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal han \& #include <openssl/ssl.h> .Ve .Vb 2 -\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); +\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); \& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); .Ve .Vb 2 -\& long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg); +\& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); \& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); .Ve .SH "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 index 07740f0..e5ff102 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:15 2002 +.\" Mon Jan 13 19:34:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_CTX_flush_sessions 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions diff --git a/secure/lib/libcrypto/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3 index 537d73f..2b69931 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_free.3 +++ b/secure/lib/libssl/man/SSL_CTX_free.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:16 2002 +.\" Mon Jan 13 19:34:30 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_free 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 index 1d5ee3c..c9f37e1 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:17 2002 +.\" Mon Jan 13 19:34:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH SSL_CTX_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 index b4ffd92..69e2496 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:17 2002 +.\" Mon Jan 13 19:34:32 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_CTX_get_verify_mode 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters diff --git a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 index 61ccfea..72d6180 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:18 2002 +.\" Mon Jan 13 19:34:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_load_verify_locations 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0 diff --git a/secure/lib/libcrypto/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3 index 9660af2..8373f64 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_new.3 +++ b/secure/lib/libssl/man/SSL_CTX_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:18 2002 +.\" Mon Jan 13 19:34:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3 index 65efe32..dabce64 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:19 2002 +.\" Mon Jan 13 19:34:35 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_CTX_sess_number 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 index e182791..f09b241 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:20 2002 +.\" Mon Jan 13 19:34:36 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_sess_set_cache_size 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 index c7ecde5..a7193f1 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:20 2002 +.\" Mon Jan 13 19:34:37 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_sess_set_get_cb 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching diff --git a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3 index 19802ef..f60fcaf 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_sessions.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:21 2002 +.\" Mon Jan 13 19:34:38 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_CTX_sessions 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_sessions \- access internal session cache diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 index 82f6f7f..ea9c213 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:21 2002 +.\" Mon Jan 13 19:34:39 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_set_cert_store 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 index a197941..fbba61d 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:22 2002 +.\" Mon Jan 13 19:34:40 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_cert_verify_callback 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure @@ -147,38 +147,36 @@ SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure .Vb 1 \& #include <openssl/ssl.h> .Ve -.Vb 3 -\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(), -\& char *arg); -\& int (*callback)(); +.Vb 1 +\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for -\&\fBctx\fR. \s-1SSL\s0 objects, that are created from \fBctx\fR inherit the setting valid at -the time, SSL_new(3) is called. \fBarg\fR is currently ignored. +\&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at +the time when SSL_new(3) is called. .SH "NOTES" .IX Header "NOTES" Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification function is called. If the application does not explicitly specify a verification callback function, the built-in verification function is used. -If a verification callback \fBcallback\fR is specified via +If a verification callback \fIcallback\fR is specified via \&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called -instead. By setting \fBcallback\fR to \s-1NULL\s0, the default behaviour is restored. +instead. By setting \fIcallback\fR to \s-1NULL\s0, the default behaviour is restored. .PP -When the verification must be performed, \fBcallback\fR will be called with -the argument callback(X509_STORE_CTX *x509_store_ctx). The arguments \fBarg\fR -that can be specified when setting \fBcallback\fR are currently ignored. +When the verification must be performed, \fIcallback\fR will be called with +the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The +argument \fIarg\fR is specified by the application when setting \fIcallback\fR. .PP -\&\fBcallback\fR should return 1 to indicate verification success and 0 to -indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fBcallback\fR +\&\fIcallback\fR should return 1 to indicate verification success and 0 to +indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR returns 0, the handshake will fail. As the verification procedure may allow to continue the connection in case of failure (by always returning 1) the verification result must be set in any case using the \fBerror\fR -member of \fBx509_store_ctx\fR, so that the calling application will be informed +member of \fIx509_store_ctx\fR so that the calling application will be informed about the detailed result of the verification procedure! .PP -Within \fBx509_store_ctx\fR, \fBcallback\fR has access to the \fBverify_callback\fR +Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR function set using SSL_CTX_set_verify(3). .SH "WARNINGS" .IX Header "WARNINGS" @@ -193,11 +191,6 @@ and in most cases it should be sufficient to modify its behaviour using the \fBverify_callback\fR function. .SH "BUGS" .IX Header "BUGS" -It is possible to specify arguments to be passed to the verification callback. -Currently they are however not passed but ignored. -.PP -The \fBcallback\fR function is not specified via a prototype, so that no -type checking takes place. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. @@ -206,3 +199,10 @@ type checking takes place. ssl(3), SSL_CTX_set_verify(3), SSL_get_verify_result(3), SSL_CTX_load_verify_locations(3) +.SH "HISTORY" +.IX Header "HISTORY" +Previous to OpenSSL 0.9.7, the \fIarg\fR argument to \fBSSL_CTX_set_cert_verify_callback\fR +was ignored, and \fIcallback\fR was called simply as + int (*callback)(X509_STORE_CTX *) +To compile software written for previous versions of OpenSSL, a dummy +argument will have to be added to \fIcallback\fR. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 index 96ea953..0fe89b0 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:23 2002 +.\" Mon Jan 13 19:34:41 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_cipher_list 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 index e440c6a..d46da03 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:23 2002 +.\" Mon Jan 13 19:34:42 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH SSL_CTX_set_client_CA_list 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 index a0f450f..73a04c1 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:24 2002 +.\" Mon Jan 13 19:34:43 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_set_client_cert_cb 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 index 402a89d..c165532 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:24 2002 +.\" Mon Jan 13 19:34:44 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_default_passwd_cb 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 new file mode 100644 index 0000000..2eb467d --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:45 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_generate_session_id 3" +.TH SSL_CTX_set_generate_session_id 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of \s-1SSL\s0 session IDs (server only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, +\& unsigned int *id_len); +.Ve +.Vb 4 +\& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +\& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb); +\& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, +\& unsigned int id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR. +.PP +\&\fISSL_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR. +.PP +\&\fISSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR +(of length \fBid_len\fR) is already contained in the internal session cache +of the parent context of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When a new session is established between client and server, the server +generates a session id. The session id is an arbitrary sequence of bytes. +The length of the session id is 16 bytes for SSLv2 sessions and between +1 and 32 bytes for SSLv3/TLSv1. The session id is not security critical +but must be unique for the server. Additionally, the session id is +transmitted in the clear when reusing the session so it must not contain +sensitive information. +.PP +Without a callback being set, an OpenSSL server will generate a unique +session id from pseudo random numbers of the maximum possible length. +Using the callback function, the session id can be changed to contain +additional information like e.g. a host id in order to improve load balancing +or external caching techniques. +.PP +The callback function receives a pointer to the memory location to put +\&\fBid\fR into and a pointer to the maximum allowed length \fBid_len\fR. The +buffer at location \fBid\fR is only guaranteed to have the size \fBid_len\fR. +The callback is only allowed to generate a shorter id and reduce \fBid_len\fR; +the callback \fBmust never\fR increase \fBid_len\fR or write to the location +\&\fBid\fR exceeding the given limit. +.PP +If a SSLv2 session id is generated and \fBid_len\fR is reduced, it will be +restored after the callback has finished and the session id will be padded +with 0x00. It is not recommended to change the \fBid_len\fR for SSLv2 sessions. +The callback can use the SSL_get_version(3) function +to check, whether the session is of type SSLv2. +.PP +The location \fBid\fR is filled with 0x00 before the callback is called, so the +callback may only fill part of the possible length and leave \fBid_len\fR +untouched while maintaining reproducibility. +.PP +Since the sessions must be distinguished, session ids must be unique. +Without the callback a random number is used, so that the probability +of generating the same session id is extremely small (2^128 possible ids +for an SSLv2 session, 2^256 for SSLv3/TLSv1). In order to assure the +uniqueness of the generated session id, the callback must call +\&\fISSL_has_matching_session_id()\fR and generate another id if a conflict occurs. +If an id conflict is not resolved, the handshake will fail. +If the application codes e.g. a unique host id, a unique process number, and +a unique sequence number into the session id, uniqueness could easily be +achieved without randomness added (it should however be taken care that +no confidential information is leaked this way). If the application can not +guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and +fill in the bytes not used to code special information with random data +to avoid collisions. +.PP +\&\fISSL_has_matching_session_id()\fR will only query the internal session cache, +not the external one. Since the session id is generated before the +handshake is completed, it is not immediately added to the cache. If +another thread is using the same internal session cache, a race condition +can occur in that another thread generates the same session id. +Collisions can also occur when using an external session cache, since +the external cache is not tested with \fISSL_has_matching_session_id()\fR +and the same race condition applies. +.PP +When calling \fISSL_has_matching_session_id()\fR for an SSLv2 session with +reduced \fBid_len\fR, the match operation will be performed using the +fixed length required and with a 0x00 padded id. +.PP +The callback must return 0 if it cannot generate a session id for whatever +reason and return 1 on success. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The callback function listed will generate a session id with the +server id given, and will fill the rest with pseudo random bytes: +.PP +.Vb 1 +\& const char session_id_prefix = "www-18"; +.Ve +.Vb 6 +\& #define MAX_SESSION_ID_ATTEMPTS 10 +\& static int generate_session_id(const SSL *ssl, unsigned char *id, +\& unsigned int *id_len) +\& { +\& unsigned int count = 0; +\& const char *version; +.Ve +.Vb 3 +\& version = SSL_get_version(ssl); +\& if (!strcmp(version, "SSLv2")) +\& /* we must not change id_len */; +.Ve +.Vb 17 +\& do { +\& RAND_pseudo_bytes(id, *id_len); +\& /* Prefix the session_id with the required prefix. NB: If our +\& * prefix is too long, clip it - but there will be worse effects +\& * anyway, eg. the server could only possibly create 1 session +\& * ID (ie. the prefix!) so all future session negotiations will +\& * fail due to conflicts. */ +\& memcpy(id, session_id_prefix, +\& (strlen(session_id_prefix) < *id_len) ? +\& strlen(session_id_prefix) : *id_len); +\& } +\& while(SSL_has_matching_session_id(ssl, id, *id_len) && +\& (++count < MAX_SESSION_ID_ATTEMPTS)); +\& if(count >= MAX_SESSION_ID_ATTEMPTS) +\& return 0; +\& return 1; +\& } +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_generate_session_id()\fR and \fISSL_set_generate_session_id()\fR +always return 1. +.PP +\&\fISSL_has_matching_session_id()\fR returns 1 if another session with the +same id is already in the cache. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_version(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_generate_session_id()\fR, \fISSL_set_generate_session_id()\fR +and \fISSL_has_matching_session_id()\fR have been introduced in +OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 index e834e94..52c455f 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:25 2002 +.\" Mon Jan 13 19:34:46 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_info_callback 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 new file mode 100644 index 0000000..6d65001 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:47 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_max_cert_list 3" +.TH SSL_CTX_set_max_cert_list 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list, \- manipulate allowed for the peer's certificate chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size); +\& long SSL_CTX_get_max_cert_list(SSL_CTX *ctx); +.Ve +.Vb 2 +\& long SSL_set_max_cert_list(SSL *ssl, long size); +\& long SSL_get_max_cert_list(SSL *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be <size> bytes. +The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time +SSL_new(3) is being called. +.PP +\&\fISSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. +.PP +\&\fISSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for \fBssl\fR to be <size> bytes. This setting stays valid +until a new value is set. +.PP +\&\fISSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During the handshake process, the peer may send a certificate chain. +The \s-1TLS/SSL\s0 standard does not give any maximum size of the certificate chain. +The OpenSSL library handles incoming data by a dynamically allocated buffer. +In order to prevent this buffer from growing without bounds due to data +received from a faulty or malicious peer, a maximum size for the certificate +chain is set. +.PP +The default value for the maximum certificate chain size is 100kB (30kB +on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate +chains (OpenSSL's default maximum chain length is 10, see +SSL_CTX_set_verify(3), and certificates +without special extensions have a typical size of 1\-2kB). +.PP +For special applications it can be necessary to extend the maximum certificate +chain size allowed to be sent by the peer, see e.g. the work on +\&\*(L"Internet X.509 Public Key Infrastructure Proxy Certificate Profile\*(R" +and \*(L"\s-1TLS\s0 Delegation Protocol\*(R" at http://www.ietf.org/ and +http://www.globus.org/ . +.PP +Under normal conditions it should never be necessary to set a value smaller +than the default, as the buffer is handled dynamically and only uses the +memory actually required by the data sent by the peer. +.PP +If the maximum certificate chain size allowed is exceeded, the handshake will +fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_max_cert_list()\fR and \fISSL_set_max_cert_list()\fR return the previously +set value. +.PP +\&\fISSL_CTX_get_max_cert_list()\fR and \fISSL_get_max_cert_list()\fR return the currently +set value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3), +SSL_CTX_set_verify(3) +.SH "HISTORY" +.IX Header "HISTORY" +SSL*_set/\fIget_max_cert_list()\fR have been introduced in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3 index 4ed6233..bf13cde 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:26 2002 +.\" Mon Jan 13 19:34:48 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_mode 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 new file mode 100644 index 0000000..666c346 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 @@ -0,0 +1,225 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:49 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_msg_callback 3" +.TH SSL_CTX_set_msg_callback 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_get_msg_callback_arg \- install callback for observing protocol messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +\& void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); +.Ve +.Vb 2 +\& void SSL_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +\& void SSL_set_msg_callback_arg(SSL_CTX *ctx, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_msg_callback()\fR or \fISSL_set_msg_callback()\fR can be used to +define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0 +protocol messages (such as handshake messages) that are received or +sent. \fISSL_CTX_set_msg_callback_arg()\fR and \fISSL_set_msg_callback_arg()\fR +can be used to set argument \fIarg\fR to the callback function, which is +available for arbitrary application use. +.PP +\&\fISSL_CTX_set_msg_callback()\fR and \fISSL_CTX_set_msg_callback_arg()\fR specify +default settings that will be copied to new \fB\s-1SSL\s0\fR objects by +SSL_new(3). \fISSL_set_msg_callback()\fR and +\&\fISSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR +object. Using a \fB0\fR pointer for \fIcb\fR disables the message callback. +.PP +When \fIcb\fR is called by the \s-1SSL/TLS\s0 library for a protocol message, +the function arguments have the following meaning: +.Ip "\fIwrite_p\fR" 4 +.IX Item "write_p" +This flag is \fB0\fR when a protocol message has been received and \fB1\fR +when a protocol message has been sent. +.Ip "\fIversion\fR" 4 +.IX Item "version" +The protocol version according to which the protocol message is +interpreted by the library. Currently, this is one of +\&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL\s0 2.0, \s-1SSL\s0 +3.0 and \s-1TLS\s0 1.0, respectively). +.Ip "\fIcontent_type\fR" 4 +.IX Item "content_type" +In the case of \s-1SSL\s0 2.0, this is always \fB0\fR. In the case of \s-1SSL\s0 3.0 +or \s-1TLS\s0 1.0, this is one of the \fBContentType\fR values defined in the +protocol specification (\fBchange_cipher_spec(20)\fR, \fBalert(21)\fR, +\&\fBhandshake(22)\fR; but never \fBapplication_data(23)\fR because the +callback will only be called for protocol messages). +.Ip "\fIbuf\fR, \fIlen\fR" 4 +.IX Item "buf, len" +\&\fIbuf\fR points to a buffer containing the protocol message, which +consists of \fIlen\fR bytes. The buffer is no longer valid after the +callback function has returned. +.Ip "\fIssl\fR" 4 +.IX Item "ssl" +The \fB\s-1SSL\s0\fR object that received or sent the message. +.Ip "\fIarg\fR" 4 +.IX Item "arg" +The user-defined argument optionally defined by +\&\fISSL_CTX_set_msg_callback_arg()\fR or \fISSL_set_msg_callback_arg()\fR. +.SH "NOTES" +.IX Header "NOTES" +Protocol messages are passed to the callback function after decryption +and fragment collection where applicable. (Thus record boundaries are +not visible.) +.PP +If processing a received protocol message results in an error, +the callback function may not be called. For example, the callback +function will never see messages that are considered too large to be +processed. +.PP +Due to automatic protocol version negotiation, \fIversion\fR is not +necessarily the protocol version used by the sender of the message: If +a \s-1TLS\s0 1.0 ClientHello message is received by an \s-1SSL\s0 3.0\-only server, +\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_msg_callback()\fR, \fISSL_CTX_set_msg_callback_arg()\fR, +\&\fISSL_set_msg_callback()\fR and \fISSL_get_msg_callback_arg()\fR were added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3 index 77d9e08..bc31819 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_options.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:26 2002 +.\" Mon Jan 13 19:34:50 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_set_options 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options @@ -228,17 +228,6 @@ doing a re-connect, always takes the first cipher in the cipher list. .Ip "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 .IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" \&... -.Ip "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 -.IX Item "SSL_OP_TLS_ROLLBACK_BUG" -Disable version rollback attack detection. -.Sp -During the client key exchange, the client must send the same information -about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some -clients violate this rule by adapting to the server's answer. (Example: -the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server -only understands up to SSLv3. In this case the client must still use the -same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect -to the server's answer and violate the version rollback protection.) .Ip "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 .IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" Disables a countermeasure against a \s-1SSL\s0 3.0/TLS 1.0 protocol @@ -254,6 +243,17 @@ options if compatibility with somewhat broken implementations is desired. .PP The following \fBmodifying\fR options are available: +.Ip "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 +.IX Item "SSL_OP_TLS_ROLLBACK_BUG" +Disable version rollback attack detection. +.Sp +During the client key exchange, the client must send the same information +about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some +clients violate this rule by adapting to the server's answer. (Example: +the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server +only understands up to SSLv3. In this case the client must still use the +same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect +to the server's answer and violate the version rollback protection.) .Ip "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 .IX Item "SSL_OP_SINGLE_DH_USE" Always create a new key when using temporary/ephemeral \s-1DH\s0 parameters @@ -263,7 +263,7 @@ the \s-1DH\s0 parameters were not generated using \*(L"strong\*(R" primes (e.g. when using DSA-parameters, see dhparam(1)). If \*(L"strong\*(R" primes were used, it is not strictly necessary to generate a new \s-1DH\s0 key during each handshake but it is also recommended. -\&\s-1SSL_OP_SINGLE_DH_USE\s0 should therefore be enabled whenever +\&\fB\s-1SSL_OP_SINGLE_DH_USE\s0\fR should therefore be enabled whenever temporary/ephemeral \s-1DH\s0 parameters are used. .Ip "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 .IX Item "SSL_OP_EPHEMERAL_RSA" @@ -276,6 +276,13 @@ with restricted \s-1RSA\s0 keylength). By setting this option, ephemeral \&\s-1SSL/TLS\s0 specifications and may lead to interoperability problems with clients and should therefore never be used. Ciphers with \s-1EDH\s0 (ephemeral Diffie-Hellman) key exchange should be used instead. +.Ip "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 +.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" +When choosing a cipher, use the server's preferences instead of the client +preferences. When not set, the \s-1SSL\s0 server will always follow the clients +preferences. When set, the SSLv3/TLSv1 server will choose following its +own preferences. Because of the different protocol, for SSLv2 the server +will send his list of preferences to the client and the client chooses. .Ip "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 .IX Item "SSL_OP_PKCS1_CHECK_1" \&... @@ -299,6 +306,11 @@ Do not use the SSLv3 protocol. .Ip "SSL_OP_NO_TLSv1" 4 .IX Item "SSL_OP_NO_TLSv1" Do not use the TLSv1 protocol. +.Ip "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" +When performing renegotiation as a server, always start a new session +(i.e., session resumption requests are only accepted in the initial +handshake). This option is not needed for clients. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR return the new options bitmask @@ -313,7 +325,13 @@ SSL_CTX_set_tmp_rsa_callback(3), dhparam(1) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1SSL_OP_TLS_ROLLBACK_BUG\s0 has been added in OpenSSL 0.9.6. +\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR and +\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR have been added in +OpenSSL 0.9.7. +.PP +\&\fB\s-1SSL_OP_TLS_ROLLBACK_BUG\s0\fR has been added in OpenSSL 0.9.6 and was automatically +enabled with \fB\s-1SSL_OP_ALL\s0\fR. As of 0.9.7, it is no longer included in \fB\s-1SSL_OP_ALL\s0\fR +and must be explicitly set. .PP \&\fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR has been added in OpenSSL 0.9.6e. Versions up to OpenSSL 0.9.6c do not include the countermeasure that diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 index af9c079..27dc385 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:27 2002 +.\" Mon Jan 13 19:34:51 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_quiet_shutdown 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 index 3f5f5ae..76b9d59 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:28 2002 +.\" Mon Jan 13 19:34:52 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_session_cache_mode 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching @@ -165,12 +165,14 @@ The sessions can be held in memory for each \fBctx\fR, if more than one object. .PP In order to reuse a session, a client must send the session's id to the -server. It can only send exactly one id. The server then decides whether it -agrees in reusing the session or starts the handshake for a new session. +server. It can only send exactly one id. The server then either +agrees to reuse the session or it starts a full handshake (to create a new +session). .PP -A server will lookup up the session in its internal session storage. If -the session is not found in internal storage or internal storage is -deactivated, the server will try the external storage if available. +A server will lookup up the session in its internal session storage. If the +session is not found in internal storage or lookups for the internal storage +have been deactivated (\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0), the server will try +the external storage if available. .PP Since a client may try to reuse a session intended for use in a different context, the session id context must be set by the server (see @@ -191,9 +193,10 @@ function. This option is not activated by default. .Ip "\s-1SSL_SESS_CACHE_SERVER\s0" 4 .IX Item "SSL_SESS_CACHE_SERVER" Server sessions are added to the session cache. When a client proposes a -session to be reused, the session is looked up in the internal session cache. -If the session is found, the server will try to reuse the session. -This is the default. +session to be reused, the server looks for the corresponding session in (first) +the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set), +then (second) in the external cache if available. If the session is found, the +server will try to reuse the session. This is the default. .Ip "\s-1SSL_SESS_CACHE_BOTH\s0" 4 .IX Item "SSL_SESS_CACHE_BOTH" Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. @@ -208,11 +211,28 @@ SSL_CTX_flush_sessions(3) can be called explicitly by the application. .Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" -By setting this flag sessions are cached in the internal storage but -they are not looked up automatically. If an external session cache -is enabled, sessions are looked up in the external cache. As automatic -lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on +By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not +automatically look up sessions in the internal cache, even if sessions are +automatically stored there. If external session caching callbacks are in use, +this flag guarantees that all lookups are directed to the external cache. +As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on clients. +.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" +Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0, +sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. +Normally a new session is added to the internal cache as well as any external +session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will +prevent sessions being stored in the internal cache (though the application can +add them manually using SSL_CTX_add_session(3)). Note: +in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful +session lookups in the external cache (ie. for session-resume requests) would +normally be copied into the local cache before processing continues \- this flag +prevents these additions to the internal cache as well. +.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL" +Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and +\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. .PP The default mode is \s-1SSL_SESS_CACHE_SERVER\s0. .SH "RETURN VALUES" @@ -224,9 +244,14 @@ The default mode is \s-1SSL_SESS_CACHE_SERVER\s0. .IX Header "SEE ALSO" ssl(3), SSL_set_session(3), SSL_session_reused(3), +SSL_CTX_add_session(3), SSL_CTX_sess_number(3), SSL_CTX_sess_set_cache_size(3), SSL_CTX_sess_set_get_cb(3), SSL_CTX_set_session_id_context(3), SSL_CTX_set_timeout(3), SSL_CTX_flush_sessions(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 and \s-1SSL_SESS_CACHE_NO_INTERNAL\s0 +were introduced in OpenSSL 0.9.6h. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 index 5f7c530..28eb5c5 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:28 2002 +.\" Mon Jan 13 19:34:53 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_CTX_set_session_id_context 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 index 13be704..58a7f3e 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:29 2002 +.\" Mon Jan 13 19:34:54 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_CTX_set_ssl_version 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 index 0d94664..1c0d406 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:29 2002 +.\" Mon Jan 13 19:34:55 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_timeout 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index 8f83135..fb0d6a6 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:30 2002 +.\" Mon Jan 13 19:34:55 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_tmp_dh_callback 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 index 350e621..7f66c07 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:31 2002 +.\" Mon Jan 13 19:34:56 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3 index cc4b22a..7d220f3 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:31 2002 +.\" Mon Jan 13 19:34:57 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_verify 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters @@ -370,7 +370,7 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& * At this point, err contains the last verification error. We can use \& * it for something special \& */ -\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) +\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) \& { \& X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256); \& printf("issuer= %s\en", buf); diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 index 159cc73..09d4fee 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:32 2002 +.\" Mon Jan 13 19:34:59 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_use_certificate 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data diff --git a/secure/lib/libcrypto/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3 index a81b4bb..bf03d05 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_free.3 +++ b/secure/lib/libssl/man/SSL_SESSION_free.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:33 2002 +.\" Mon Jan 13 19:35:00 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_SESSION_free 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 index 22e7422..d603f51 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:33 2002 +.\" Mon Jan 13 19:35:01 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH SSL_SESSION_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3 index ebc0e38..b347df5 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:34 2002 +.\" Mon Jan 13 19:35:02 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_SESSION_get_time 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings diff --git a/secure/lib/libcrypto/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3 index ca2c4d8..3990be6 100644 --- a/secure/lib/libcrypto/man/SSL_accept.3 +++ b/secure/lib/libssl/man/SSL_accept.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:34 2002 +.\" Mon Jan 13 19:35:03 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_accept 3" -.TH SSL_accept 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_accept 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake diff --git a/secure/lib/libcrypto/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3 index 32a8b3b..87d9b37 100644 --- a/secure/lib/libcrypto/man/SSL_alert_type_string.3 +++ b/secure/lib/libssl/man/SSL_alert_type_string.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:35 2002 +.\" Mon Jan 13 19:35:03 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_alert_type_string 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information @@ -148,12 +148,12 @@ SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_al \& #include <openssl/ssl.h> .Ve .Vb 2 -\& char *SSL_alert_type_string(int value); -\& char *SSL_alert_type_string_long(int value); +\& const char *SSL_alert_type_string(int value); +\& const char *SSL_alert_type_string_long(int value); .Ve .Vb 2 -\& char *SSL_alert_desc_string(int value); -\& char *SSL_alert_desc_string_long(int value); +\& const char *SSL_alert_desc_string(int value); +\& const char *SSL_alert_desc_string_long(int value); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3 index 6f7bb61..657be53 100644 --- a/secure/lib/libcrypto/man/SSL_clear.3 +++ b/secure/lib/libssl/man/SSL_clear.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:36 2002 +.\" Mon Jan 13 19:35:05 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_clear 3" -.TH SSL_clear 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_clear 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_clear \- reset \s-1SSL\s0 object to allow another connection diff --git a/secure/lib/libcrypto/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3 index ad19131..12b3bb0 100644 --- a/secure/lib/libcrypto/man/SSL_connect.3 +++ b/secure/lib/libssl/man/SSL_connect.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:36 2002 +.\" Mon Jan 13 19:35:06 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_connect 3" -.TH SSL_connect 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_connect 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server diff --git a/secure/lib/libcrypto/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3 index 0214192..d9c5db9 100644 --- a/secure/lib/libcrypto/man/SSL_do_handshake.3 +++ b/secure/lib/libssl/man/SSL_do_handshake.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:37 2002 +.\" Mon Jan 13 19:35:06 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_do_handshake 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake diff --git a/secure/lib/libcrypto/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3 index c905cfd..65a6b8f 100644 --- a/secure/lib/libcrypto/man/SSL_free.3 +++ b/secure/lib/libssl/man/SSL_free.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:38 2002 +.\" Mon Jan 13 19:35:07 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_free 3" -.TH SSL_free 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_free 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_free \- free an allocated \s-1SSL\s0 structure diff --git a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 index 874ee382..b8f2a94 100644 --- a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:38 2002 +.\" Mon Jan 13 19:35:08 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_get_SSL_CTX 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created diff --git a/secure/lib/libcrypto/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3 index 3e8477b..54dccf3 100644 --- a/secure/lib/libcrypto/man/SSL_get_ciphers.3 +++ b/secure/lib/libssl/man/SSL_get_ciphers.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:39 2002 +.\" Mon Jan 13 19:35:09 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_get_ciphers 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs diff --git a/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3 index f0f8af0..9221575 100644 --- a/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:39 2002 +.\" Mon Jan 13 19:35:10 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_get_client_CA_list 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs diff --git a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3 index 4d5bca4..22e8bd3 100644 --- a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 +++ b/secure/lib/libssl/man/SSL_get_current_cipher.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:40 2002 +.\" Mon Jan 13 19:35:11 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_get_current_cipher 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name, diff --git a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3 index 38525e7..037b17e 100644 --- a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 +++ b/secure/lib/libssl/man/SSL_get_default_timeout.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:41 2002 +.\" Mon Jan 13 19:35:12 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_get_default_timeout 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_default_timeout \- get default session timeout value diff --git a/secure/lib/libcrypto/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3 index c5d74cc..745ae3a 100644 --- a/secure/lib/libcrypto/man/SSL_get_error.3 +++ b/secure/lib/libssl/man/SSL_get_error.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:41 2002 +.\" Mon Jan 13 19:35:13 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_get_error 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation diff --git a/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 index ef03a57..1810c9e 100644 --- a/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:42 2002 +.\" Mon Jan 13 19:35:14 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure diff --git a/secure/lib/libcrypto/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3 index 09afa61..da51320 100644 --- a/secure/lib/libcrypto/man/SSL_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:42 2002 +.\" Mon Jan 13 19:35:15 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH SSL_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions diff --git a/secure/lib/libcrypto/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3 index 4d077fe..75f9557 100644 --- a/secure/lib/libcrypto/man/SSL_get_fd.3 +++ b/secure/lib/libssl/man/SSL_get_fd.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:43 2002 +.\" Mon Jan 13 19:35:16 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_get_fd 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object diff --git a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 index 6185b12..ab3d7af 100644 --- a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:44 2002 +.\" Mon Jan 13 19:35:17 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_get_peer_cert_chain 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer diff --git a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3 index 49acf8b..471b5ba 100644 --- a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 +++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:44 2002 +.\" Mon Jan 13 19:35:18 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_get_peer_certificate 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_peer_certificate \- get the X509 certificate of the peer diff --git a/secure/lib/libcrypto/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3 index a8719af..cc3f416 100644 --- a/secure/lib/libcrypto/man/SSL_get_rbio.3 +++ b/secure/lib/libssl/man/SSL_get_rbio.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:45 2002 +.\" Mon Jan 13 19:35:18 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_get_rbio 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object diff --git a/secure/lib/libcrypto/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3 index bcfd33b..49b5342 100644 --- a/secure/lib/libcrypto/man/SSL_get_session.3 +++ b/secure/lib/libssl/man/SSL_get_session.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:45 2002 +.\" Mon Jan 13 19:35:19 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_get_session 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data diff --git a/secure/lib/libcrypto/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3 index 86762ca..8a3654d 100644 --- a/secure/lib/libcrypto/man/SSL_get_verify_result.3 +++ b/secure/lib/libssl/man/SSL_get_verify_result.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:46 2002 +.\" Mon Jan 13 19:35:20 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_get_verify_result 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_verify_result \- get result of peer certificate verification diff --git a/secure/lib/libcrypto/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3 index c80c552..8ea668a 100644 --- a/secure/lib/libcrypto/man/SSL_get_version.3 +++ b/secure/lib/libssl/man/SSL_get_version.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:47 2002 +.\" Mon Jan 13 19:35:21 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_get_version 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_version \- get the protocol version of a connection. diff --git a/secure/lib/libcrypto/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3 index 437f1da..28422c6 100644 --- a/secure/lib/libcrypto/man/SSL_library_init.3 +++ b/secure/lib/libssl/man/SSL_library_init.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:47 2002 +.\" Mon Jan 13 19:35:22 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_library_init 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms diff --git a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3 index 8869853..aa545bc 100644 --- a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 +++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:48 2002 +.\" Mon Jan 13 19:35:23 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_load_client_CA_file 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_load_client_CA_file \- load certificate names from file diff --git a/secure/lib/libcrypto/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3 index 976e31e..588900c 100644 --- a/secure/lib/libcrypto/man/SSL_new.3 +++ b/secure/lib/libssl/man/SSL_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:48 2002 +.\" Mon Jan 13 19:35:24 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_new 3" -.TH SSL_new 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_new \- create a new \s-1SSL\s0 structure for a connection diff --git a/secure/lib/libcrypto/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3 index 41951d4..a5f0a0c 100644 --- a/secure/lib/libcrypto/man/SSL_pending.3 +++ b/secure/lib/libssl/man/SSL_pending.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:49 2002 +.\" Mon Jan 13 19:35:25 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_pending 3" -.TH SSL_pending 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_pending 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object diff --git a/secure/lib/libcrypto/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3 index 49a080e..f94ed5e 100644 --- a/secure/lib/libcrypto/man/SSL_read.3 +++ b/secure/lib/libssl/man/SSL_read.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:50 2002 +.\" Mon Jan 13 19:35:26 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_read 3" -.TH SSL_read 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_read 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection. diff --git a/secure/lib/libcrypto/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3 index e6a93bd..3eabd62 100644 --- a/secure/lib/libcrypto/man/SSL_rstate_string.3 +++ b/secure/lib/libssl/man/SSL_rstate_string.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:50 2002 +.\" Mon Jan 13 19:35:27 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_rstate_string 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation @@ -148,8 +148,8 @@ SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of \& #include <openssl/ssl.h> .Ve .Vb 2 -\& char *SSL_rstate_string(SSL *ssl); -\& char *SSL_rstate_string_long(SSL *ssl); +\& const char *SSL_rstate_string(SSL *ssl); +\& const char *SSL_rstate_string_long(SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3 index 302ccac..3511b36 100644 --- a/secure/lib/libcrypto/man/SSL_session_reused.3 +++ b/secure/lib/libssl/man/SSL_session_reused.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:51 2002 +.\" Mon Jan 13 19:35:28 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_session_reused 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_session_reused \- query whether a reused session was negotiated during handshake diff --git a/secure/lib/libcrypto/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3 index 80c46a4..6d59eae 100644 --- a/secure/lib/libcrypto/man/SSL_set_bio.3 +++ b/secure/lib/libssl/man/SSL_set_bio.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:51 2002 +.\" Mon Jan 13 19:35:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_set_bio 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0 diff --git a/secure/lib/libcrypto/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3 index 8be743a..0d0e063 100644 --- a/secure/lib/libcrypto/man/SSL_set_connect_state.3 +++ b/secure/lib/libssl/man/SSL_set_connect_state.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:52 2002 +.\" Mon Jan 13 19:35:30 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_set_connect_state 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode diff --git a/secure/lib/libcrypto/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3 index c2628f9..fce5274 100644 --- a/secure/lib/libcrypto/man/SSL_set_fd.3 +++ b/secure/lib/libssl/man/SSL_set_fd.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:53 2002 +.\" Mon Jan 13 19:35:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_set_fd 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor diff --git a/secure/lib/libcrypto/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3 index 7c688ec..d42f4d3 100644 --- a/secure/lib/libcrypto/man/SSL_set_session.3 +++ b/secure/lib/libssl/man/SSL_set_session.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:53 2002 +.\" Mon Jan 13 19:35:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_set_session 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect diff --git a/secure/lib/libcrypto/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3 index 3696d33..0b14492 100644 --- a/secure/lib/libcrypto/man/SSL_set_shutdown.3 +++ b/secure/lib/libssl/man/SSL_set_shutdown.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:54 2002 +.\" Mon Jan 13 19:35:32 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_set_shutdown 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection diff --git a/secure/lib/libcrypto/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3 index 5b317e9..f4b7e34 100644 --- a/secure/lib/libcrypto/man/SSL_set_verify_result.3 +++ b/secure/lib/libssl/man/SSL_set_verify_result.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:55 2002 +.\" Mon Jan 13 19:35:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_set_verify_result 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_set_verify_result \- override result of peer certificate verification diff --git a/secure/lib/libcrypto/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3 index 7dbc29e..d83fe3c 100644 --- a/secure/lib/libcrypto/man/SSL_shutdown.3 +++ b/secure/lib/libssl/man/SSL_shutdown.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:55 2002 +.\" Mon Jan 13 19:35:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_shutdown 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection diff --git a/secure/lib/libcrypto/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3 index 115fffc..578ac6e 100644 --- a/secure/lib/libcrypto/man/SSL_state_string.3 +++ b/secure/lib/libssl/man/SSL_state_string.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:56 2002 +.\" Mon Jan 13 19:35:35 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_state_string 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object @@ -148,8 +148,8 @@ SSL_state_string, SSL_state_string_long \- get textual description of state of a \& #include <openssl/ssl.h> .Ve .Vb 2 -\& char *SSL_state_string(SSL *ssl); -\& char *SSL_state_string_long(SSL *ssl); +\& const char *SSL_state_string(SSL *ssl); +\& const char *SSL_state_string_long(SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3 index 288e22a..a1cddcb 100644 --- a/secure/lib/libcrypto/man/SSL_want.3 +++ b/secure/lib/libssl/man/SSL_want.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:56 2002 +.\" Mon Jan 13 19:35:36 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_want 3" -.TH SSL_want 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_want 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation diff --git a/secure/lib/libcrypto/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3 index 487a9da..0670668 100644 --- a/secure/lib/libcrypto/man/SSL_write.3 +++ b/secure/lib/libssl/man/SSL_write.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:57 2002 +.\" Mon Jan 13 19:35:37 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_write 3" -.TH SSL_write 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_write 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection. diff --git a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3 index 64d9f8a..03c2239 100644 --- a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 +++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:58 2002 +.\" Mon Jan 13 19:35:38 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH d2i_SSL_SESSION 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation diff --git a/secure/lib/libcrypto/man/ssl.3 b/secure/lib/libssl/man/ssl.3 index 1964f5e..cc05cd2 100644 --- a/secure/lib/libcrypto/man/ssl.3 +++ b/secure/lib/libssl/man/ssl.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:58 2002 +.\" Mon Jan 13 19:35:39 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ssl 3" -.TH ssl 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH ssl 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library @@ -406,6 +406,10 @@ protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. .IX Item "int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);" .Ip "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4 .IX Item "void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));" +.Ip "void \fBSSL_CTX_set_msg_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IX Item "void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" +.Ip "void \fBSSL_CTX_set_msg_callback_arg\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);" .Ip "void \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 .IX Item "void SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);" .Ip "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 @@ -436,7 +440,7 @@ appropriate size (using ???) and return it. .IX Item "SSL_set_tmp_rsa_callback" long \fBSSL_set_tmp_rsa_callback\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *(*cb)(\s-1SSL\s0 *ssl, int export, int keylength)); .Sp -The same as the section on "SSL_CTX_set_tmp_rsa_callback", except it operates on an \s-1SSL\s0 +The same as \fBSSL_CTX_set_tmp_rsa_callback\fR, except it operates on an \s-1SSL\s0 session instead of a context. .Ip "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4 .IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))" @@ -659,6 +663,10 @@ connection defined in the \fB\s-1SSL\s0\fR structure. .IX Item "int SSL_set_fd(SSL *ssl, int fd);" .Ip "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4 .IX Item "void SSL_set_info_callback(SSL *ssl, void (*cb);(void))" +.Ip "void \fBSSL_set_msg_callback\fR(\s-1SSL\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IX Item "void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" +.Ip "void \fBSSL_set_msg_callback_arg\fR(\s-1SSL\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_set_msg_callback_arg(SSL *ctx, void *arg);" .Ip "void \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 .IX Item "void SSL_set_options(SSL *ssl, unsigned long op);" .Ip "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 @@ -751,8 +759,11 @@ SSL_CTX_set_cipher_list(3), SSL_CTX_set_client_CA_list(3), SSL_CTX_set_client_cert_cb(3), SSL_CTX_set_default_passwd_cb(3), +SSL_CTX_set_generate_session_id(3), SSL_CTX_set_info_callback(3), +SSL_CTX_set_max_cert_list(3), SSL_CTX_set_mode(3), +SSL_CTX_set_msg_callback(3), SSL_CTX_set_options(3), SSL_CTX_set_quiet_shutdown(3), SSL_CTX_set_session_cache_mode(3), |
