diff options
author | markm <markm@FreeBSD.org> | 2003-01-28 22:58:14 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2003-01-28 22:58:14 +0000 |
commit | ecacd12edb99d739f012912174233320c5f8262f (patch) | |
tree | b81a83b72c76fb8541cf06d3e99d92f1c0fc0888 /secure | |
parent | b159341ed957acbcab2f9bdd46c0b82ecd2e7864 (diff) | |
download | FreeBSD-src-ecacd12edb99d739f012912174233320c5f8262f.zip FreeBSD-src-ecacd12edb99d739f012912174233320c5f8262f.tar.gz |
Update for OpenSSL 0.9.7. No assembler code at the moment. This
will follow.
Diffstat (limited to 'secure')
276 files changed, 12390 insertions, 2619 deletions
diff --git a/secure/lib/libcrypto/Makefile b/secure/lib/libcrypto/Makefile index 6da25cb..933da6a 100644 --- a/secure/lib/libcrypto/Makefile +++ b/secure/lib/libcrypto/Makefile @@ -1,144 +1,115 @@ # $FreeBSD$ -.include "Makefile.inc" - -.PATH: ${LCRYPTO_SRC} ${LCRYPTO_SRC}/asn1 ${LCRYPTO_SRC}/bf \ - ${LCRYPTO_SRC}/bio ${LCRYPTO_SRC}/bn ${LCRYPTO_SRC}/buffer \ - ${LCRYPTO_SRC}/cast ${LCRYPTO_SRC}/comp ${LCRYPTO_SRC}/conf \ - ${LCRYPTO_SRC}/des ${LCRYPTO_SRC}/dh ${LCRYPTO_SRC}/dsa \ - ${LCRYPTO_SRC}/dso ${LCRYPTO_SRC}/err ${LCRYPTO_SRC}/evp \ - ${LCRYPTO_SRC}/hmac ${LCRYPTO_SRC}/lhash ${LCRYPTO_SRC}/md2 \ - ${LCRYPTO_SRC}/md4 ${LCRYPTO_SRC}/md5 ${LCRYPTO_SRC}/mdc2 \ - ${LCRYPTO_SRC}/objects ${LCRYPTO_SRC}/pem ${LCRYPTO_SRC}/pkcs7 \ - ${LCRYPTO_SRC}/pkcs12 ${LCRYPTO_SRC}/rand ${LCRYPTO_SRC}/rc2 \ - ${LCRYPTO_SRC}/rc4 ${LCRYPTO_SRC}/rc5 ${LCRYPTO_SRC}/ripemd \ - ${LCRYPTO_SRC}/rsa ${LCRYPTO_SRC}/../rsaref ${LCRYPTO_SRC}/sha \ - ${LCRYPTO_SRC}/stack ${LCRYPTO_SRC}/txt_db ${LCRYPTO_SRC}/x509 \ - ${LCRYPTO_SRC}/x509v3 ${.CURDIR}/man - -.if ${MACHINE_ARCH} == "i386" -.PATH: ${.CURDIR}/i386 -.endif - -.if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES -.PATH: ${LCRYPTO_SRC}/idea -.endif - LIB= crypto -SHLIB_MAJOR= 2 +SHLIB_MAJOR= 3 NOLINT= true +.include "Makefile.inc" + # base sources -SRCS+= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_dbg.c \ - tmdiff.c uid.c +SRCS+= cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_clr.c \ + mem_dbg.c o_time.c tmdiff.c uid.c + +# aes +SRCS+= aes_cbc.c aes_cfb.c aes_core.c aes_ctr.c aes_ecb.c aes_misc.c aes_ofb.c # asn1 -SRCS+= a_bitstr.c a_bmp.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c \ +SRCS+= a_bitstr.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c \ a_dup.c a_enum.c a_gentm.c a_hdr.c a_i2d_fp.c a_int.c \ - a_mbstr.c a_meth.c a_null.c a_object.c a_octet.c a_print.c \ + a_mbstr.c a_meth.c a_object.c a_octet.c a_print.c \ a_set.c a_sign.c a_strex.c a_strnid.c a_time.c a_type.c \ - a_utctm.c a_utf8.c a_verify.c a_vis.c asn1_err.c asn1_lib.c \ - asn1_par.c asn_pack.c d2i_dhp.c d2i_dsap.c d2i_pr.c d2i_pu.c \ - d2i_r_pr.c d2i_r_pu.c d2i_s_pr.c d2i_s_pu.c evp_asn1.c \ - f_enum.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c i2d_pr.c \ - i2d_pu.c i2d_r_pr.c i2d_r_pu.c i2d_s_pr.c i2d_s_pu.c n_pkey.c \ - nsseq.c p5_pbe.c p5_pbev2.c p7_dgst.c p7_enc.c p7_enc_c.c \ - p7_evp.c p7_i_s.c p7_lib.c p7_recip.c p7_s_e.c p7_signd.c \ - p7_signi.c p8_pkey.c t_bitst.c t_crl.c t_pkey.c t_req.c \ - t_spki.c t_x509.c t_x509a.c x_algor.c x_attrib.c x_cinf.c \ - x_crl.c x_exten.c x_info.c x_name.c x_pkey.c x_pubkey.c \ + a_utctm.c a_utf8.c a_verify.c asn1_err.c asn1_lib.c \ + asn1_par.c asn_moid.c asn_pack.c d2i_pr.c d2i_pu.c \ + evp_asn1.c f_enum.c f_int.c f_string.c i2d_pr.c i2d_pu.c \ + n_pkey.c nsseq.c p5_pbe.c p5_pbev2.c p8_pkey.c t_bitst.c \ + t_crl.c t_pkey.c t_req.c t_spki.c t_x509.c t_x509a.c \ + tasn_dec.c tasn_enc.c tasn_fre.c tasn_new.c tasn_typ.c \ + tasn_utl.c x_algor.c x_attrib.c x_bignum.c x_crl.c \ + x_exten.c x_info.c x_long.c x_name.c x_pkey.c x_pubkey.c \ x_req.c x_sig.c x_spki.c x_val.c x_x509.c x_x509a.c -# blowfish -SRCS+= bf_cfb64.c bf_ecb.c bf_ofb64.c bf_skey.c -.if ${MACHINE_ARCH} == "i386" -.if ${MACHINE_CPU:Mi686} -SRCS+= bf-686.s -.else -SRCS+= bf-586.s -.endif -.else -SRCS+= bf_enc.c -.endif +# bf +SRCS+= bf_cfb64.c bf_ecb.c bf_enc.c bf_ofb64.c bf_skey.c # bio -SRCS+= b_dump.c b_print.c b_sock.c bf_buff.c bf_nbio.c bf_null.c \ - bio_cb.c bio_err.c bio_lib.c bss_acpt.c bss_bio.c bss_conn.c \ - bss_fd.c bss_file.c bss_log.c bss_mem.c bss_null.c bss_sock.c +SRCS+= b_dump.c b_print.c b_sock.c bf_buff.c bf_lbuf.c bf_nbio.c \ + bf_null.c bio_cb.c bio_err.c bio_lib.c bss_acpt.c bss_bio.c \ + bss_conn.c bss_fd.c bss_file.c bss_log.c bss_mem.c \ + bss_null.c bss_sock.c # bn - -SRCS+= bn_add.c bn_blind.c bn_ctx.c bn_div.c bn_err.c \ - bn_exp.c bn_exp2.c bn_gcd.c bn_lib.c bn_mont.c bn_mpi.c \ - bn_mul.c bn_prime.c bn_print.c bn_rand.c bn_recp.c bn_shift.c \ - bn_sqr.c bn_word.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= bn-586.s co-586.s -.else -SRCS+= bn_asm.c -.endif +SRCS+= bn_add.c bn_asm.c bn_blind.c bn_ctx.c bn_div.c bn_err.c bn_exp.c \ + bn_exp2.c bn_gcd.c bn_kron.c bn_lib.c bn_mod.c bn_mont.c \ + bn_mpi.c bn_mul.c bn_prime.c bn_print.c bn_rand.c bn_recp.c \ + bn_shift.c bn_sqr.c bn_sqrt.c bn_word.c # buffer -SRCS+= buf_err.c buffer.c +SRCS+= buf_err.c buffer.c # cast -SRCS+= c_cfb64.c c_ecb.c c_ofb64.c c_skey.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= cast-586.s -.else -SRCS+= c_enc.c -.endif +SRCS+= c_cfb64.c c_ecb.c c_enc.c c_ofb64.c c_skey.c # comp -SRCS+= c_rle.c c_zlib.c comp_lib.c +SRCS+= c_rle.c c_zlib.c comp_err.c comp_lib.c # conf -SRCS+= conf_api.c conf_def.c conf_err.c conf_lib.c +SRCS+= conf_api.c conf_def.c conf_err.c conf_lib.c conf_mall.c conf_mod.c conf_sap.c # des -SRCS+= cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \ - ecb3_enc.c ecb_enc.c ede_cbcm_enc.c enc_read.c enc_writ.c \ - fcrypt.c ofb64ede.c ofb64enc.c ofb_enc.c pcbc_enc.c \ - qud_cksm.c rand_key.c read2pwd.c read_pwd.c rpc_enc.c \ - set_key.c str2key.c xcbc_enc.c rnd_keys.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= des-586.s crypt586.s -.else -SRCS+= des_enc.c fcrypt_b.c -.endif +SRCS+= cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64ede.c cfb64enc.c cfb_enc.c \ + des_enc.c des_old.c des_old2.c ecb3_enc.c ecb_enc.c ede_cbcm_enc.c \ + enc_read.c enc_writ.c fcrypt.c fcrypt_b.c ofb64ede.c ofb64enc.c \ + ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read2pwd.c rnd_keys.c \ + rpc_enc.c set_key.c str2key.c xcbc_enc.c # dh -SRCS+= dh_check.c dh_err.c dh_gen.c dh_key.c dh_lib.c +SRCS+= dh_asn1.c dh_check.c dh_err.c dh_gen.c dh_key.c dh_lib.c -# dsa -SRCS+= dsa_asn1.c dsa_err.c dsa_gen.c dsa_key.c dsa_lib.c dsa_ossl.c \ - dsa_sign.c dsa_vrf.c +# dsa +SRCS+= dsa_asn1.c dsa_err.c dsa_gen.c dsa_key.c dsa_lib.c dsa_ossl.c dsa_sign.c dsa_vrf.c # dso -SRCS+= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \ - dso_openssl.c +SRCS+= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c dso_openssl.c + +# ec +SRCS+= ec_cvt.c ec_err.c ec_lib.c ec_mult.c ecp_mont.c ecp_nist.c \ + ecp_recp.c ecp_smpl.c + +# engine +SRCS+= eng_all.c eng_cnf.c eng_ctrl.c eng_dyn.c eng_err.c eng_fat.c \ + eng_init.c eng_lib.c eng_list.c eng_openssl.c eng_pkey.c \ + eng_table.c hw_4758_cca.c hw_4758_cca_err.c hw_aep.c hw_aep_err.c \ + hw_atalla.c hw_atalla_err.c hw_cryptodev.c hw_cswift.c \ + hw_cswift_err.c hw_ncipher.c hw_ncipher_err.c hw_nuron.c \ + hw_nuron_err.c hw_sureware.c hw_sureware_err.c hw_ubsec.c \ + hw_ubsec_err.c tb_cipher.c tb_dh.c tb_digest.c tb_dsa.c tb_rand.c \ + tb_rsa.c # err SRCS+= err.c err_all.c err_prn.c # evp SRCS+= bio_b64.c bio_enc.c bio_md.c bio_ok.c c_all.c c_allc.c c_alld.c \ - digest.c e_bf.c e_cast.c e_des.c e_des3.c e_idea.c e_null.c \ - e_rc2.c e_rc4.c e_rc5.c e_xcbc_d.c encode.c evp_enc.c \ - evp_err.c evp_key.c evp_lib.c evp_pbe.c evp_pkey.c m_dss.c \ - m_dss1.c m_md2.c m_md4.c m_md5.c m_mdc2.c m_null.c m_ripemd.c \ - m_sha.c m_sha1.c names.c p5_crpt.c p5_crpt2.c p_dec.c p_enc.c \ - p_lib.c p_open.c p_seal.c p_sign.c p_verify.c + digest.c e_aes.c e_bf.c e_cast.c e_des.c e_des3.c e_idea.c \ + e_null.c e_rc2.c e_rc4.c e_rc5.c e_xcbc_d.c encode.c evp_acnf.c \ + evp_enc.c evp_err.c evp_key.c evp_lib.c evp_pbe.c evp_pkey.c \ + m_dss.c m_dss1.c m_md2.c m_md4.c m_md5.c m_mdc2.c m_null.c \ + m_ripemd.c m_sha.c m_sha1.c names.c openbsd_hw.c p5_crpt.c \ + p5_crpt2.c p_dec.c p_enc.c p_lib.c p_open.c p_seal.c p_sign.c \ + p_verify.c # hmac SRCS+= hmac.c # idea .if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES -SRCS+= i_ecb.c i_cbc.c i_cfb64.c i_ofb64.c i_skey.c +SRCS+= i_cbc.c i_cfb64.c i_ecb.c i_ofb64.c i_skey.c .endif +# krb5 +#SRCS+= krb5_asn.c + # lhash SRCS+= lh_stats.c lhash.c @@ -150,233 +121,169 @@ SRCS+= md4_dgst.c md4_one.c # md5 SRCS+= md5_dgst.c md5_one.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= md5-586.s -.endif # mdc2 -SRCS+= mdc2dgst.c mdc2_one.c +SRCS+= mdc2_one.c mdc2dgst.c # objects SRCS+= o_names.c obj_dat.c obj_err.c obj_lib.c -# pem -SRCS+= pem_all.c pem_err.c pem_info.c pem_lib.c pem_seal.c pem_sign.c +# ocsp +SRCS+= ocsp_asn.c ocsp_cl.c ocsp_err.c ocsp_ext.c ocsp_ht.c \ + ocsp_lib.c ocsp_prn.c ocsp_srv.c ocsp_vfy.c -# pkcs7 -SRCS+= pk7_attr.c pk7_doit.c pk7_lib.c pk7_mime.c pk7_smime.c pkcs7err.c +# pem +SRCS+= pem_all.c pem_err.c pem_info.c pem_lib.c pem_oth.c pem_pk8.c \ + pem_pkey.c pem_seal.c pem_sign.c pem_x509.c pem_xaux.c # pkcs12 -SRCS+= p12_add.c p12_attr.c p12_bags.c p12_crpt.c p12_crt.c p12_decr.c \ - p12_init.c p12_key.c p12_kiss.c p12_lib.c p12_mac.c p12_mutl.c \ - p12_npas.c p12_sbag.c p12_utl.c pk12err.c +SRCS+= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c \ + p12_decr.c p12_init.c p12_key.c p12_kiss.c p12_mutl.c \ + p12_npas.c p12_p8d.c p12_p8e.c p12_utl.c pk12err.c + +# pkcs7 +SRCS+= example.c pk7_asn1.c pk7_attr.c pk7_dgst.c pk7_doit.c \ + pk7_lib.c pk7_mime.c pk7_smime.c pkcs7err.c # rand -SRCS+= md_rand.c rand_egd.c rand_err.c rand_lib.c rand_win.c randfile.c +SRCS+= md_rand.c rand_egd.c rand_err.c rand_lib.c rand_unix.c randfile.c # rc2 -SRCS+= rc2_cbc.c rc2cfb64.c rc2_ecb.c rc2ofb64.c rc2_skey.c +SRCS+= rc2_cbc.c rc2_ecb.c rc2_skey.c rc2cfb64.c rc2ofb64.c # rc4 -SRCS+= rc4_skey.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= rc4-586.s -.else -SRCS+= rc4_enc.c -.endif +SRCS+= rc4_enc.c rc4_skey.c # rc5 -SRCS+= rc5cfb64.c rc5_ecb.c rc5ofb64.c rc5_skey.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= rc5-586.s -.else -SRCS+= rc5_enc.c -.endif +SRCS+= rc5_ecb.c rc5_enc.c rc5_skey.c rc5cfb64.c rc5ofb64.c # ripemd SRCS+= rmd_dgst.c rmd_one.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= rmd-586.s -.endif # rsa -.if defined(WITH_RSA) && ${WITH_RSA} == YES -SRCS+= rsa_chk.c rsa_eay.c rsa_err.c rsa_gen.c rsa_lib.c rsa_none.c \ - rsa_null.c rsa_oaep.c rsa_pk1.c rsa_saos.c rsa_sign.c rsa_ssl.c -.endif +SRCS+= rsa_asn1.c rsa_chk.c rsa_eay.c rsa_err.c rsa_gen.c rsa_lib.c \ + rsa_none.c rsa_null.c rsa_oaep.c rsa_pk1.c rsa_saos.c \ + rsa_sign.c rsa_ssl.c # sha -SRCS+= sha_dgst.c sha_one.c sha1_one.c sha1dgst.c -.if ${MACHINE_ARCH} == "i386" -SRCS+= sha1-586.s -.endif +SRCS+= sha1_one.c sha1dgst.c sha_dgst.c sha_one.c # stack SRCS+= stack.c +# threads +SRCS+= th-lock.c + # txt_db SRCS+= txt_db.c -# x509 -SRCS+= by_dir.c by_file.c x509_att.c x509_cmp.c x509_d2.c x509_def.c \ - x509_err.c x509_ext.c x509_lu.c x509_obj.c x509_r2x.c \ - x509_req.c x509_set.c x509_trs.c x509_txt.c x509_v3.c \ - x509_vfy.c x509name.c x509rset.c x509spki.c x509type.c x_all.c -# x509v3 -SRCS+= v3_akey.c v3_alt.c v3_bcons.c v3_bitst.c v3_conf.c v3_cpols.c \ - v3_crld.c v3_enum.c v3_extku.c v3_genn.c v3_ia5.c v3_info.c \ - v3_int.c v3_lib.c v3_pku.c v3_prn.c v3_purp.c v3_skey.c \ - v3_sxnet.c v3_utl.c v3err.c - -POD1+= apps/CA.pl.pod apps/asn1parse.pod apps/ca.pod \ - apps/ciphers.pod apps/crl.pod \ - apps/crl2pkcs7.pod apps/dgst.pod apps/dhparam.pod apps/dsa.pod \ - apps/dsaparam.pod apps/enc.pod apps/gendsa.pod apps/genrsa.pod \ - apps/nseq.pod apps/openssl.pod apps/passwd.pod apps/pkcs12.pod \ - apps/pkcs7.pod apps/pkcs8.pod apps/rand.pod apps/req.pod \ - apps/rsa.pod apps/rsautl.pod apps/s_client.pod \ - apps/s_server.pod apps/sess_id.pod apps/smime.pod \ - apps/speed.pod apps/spkac.pod apps/verify.pod apps/version.pod \ - apps/x509.pod - -POD3+= crypto/BIO_ctrl.pod crypto/BIO_f_base64.pod \ - crypto/BIO_f_buffer.pod crypto/BIO_f_cipher.pod \ - crypto/BIO_f_md.pod crypto/BIO_f_null.pod crypto/BIO_f_ssl.pod \ - crypto/BIO_find_type.pod crypto/BIO_new.pod \ - crypto/BIO_new_bio_pair.pod crypto/BIO_push.pod \ - crypto/BIO_read.pod crypto/BIO_s_accept.pod \ - crypto/BIO_s_bio.pod crypto/BIO_s_connect.pod \ - crypto/BIO_s_fd.pod crypto/BIO_s_file.pod crypto/BIO_s_mem.pod \ - crypto/BIO_s_null.pod crypto/BIO_s_socket.pod \ - crypto/BIO_set_callback.pod crypto/BIO_should_retry.pod \ - crypto/BN_CTX_new.pod crypto/BN_CTX_start.pod \ - crypto/BN_add.pod crypto/BN_add_word.pod crypto/BN_bn2bin.pod \ - crypto/BN_cmp.pod crypto/BN_copy.pod \ - crypto/BN_generate_prime.pod crypto/BN_mod_inverse.pod \ - crypto/BN_mod_mul_montgomery.pod \ - crypto/BN_mod_mul_reciprocal.pod crypto/BN_new.pod \ - crypto/BN_num_bytes.pod crypto/BN_rand.pod \ - crypto/BN_set_bit.pod crypto/BN_zero.pod \ - crypto/CRYPTO_set_ex_data.pod crypto/DH_generate_key.pod \ - crypto/DH_generate_parameters.pod \ - crypto/DH_get_ex_new_index.pod crypto/DH_new.pod \ - crypto/DH_set_method.pod crypto/DH_size.pod \ - crypto/DSA_SIG_new.pod crypto/DSA_do_sign.pod \ - crypto/DSA_dup_DH.pod crypto/DSA_generate_key.pod \ - crypto/DSA_generate_parameters.pod \ - crypto/DSA_get_ex_new_index.pod crypto/DSA_new.pod \ - crypto/DSA_set_method.pod crypto/DSA_sign.pod \ - crypto/DSA_size.pod crypto/ERR_GET_LIB.pod \ - crypto/ERR_clear_error.pod crypto/ERR_error_string.pod \ - crypto/ERR_get_error.pod crypto/ERR_load_crypto_strings.pod \ - crypto/ERR_load_strings.pod crypto/ERR_print_errors.pod \ - crypto/ERR_put_error.pod crypto/ERR_remove_state.pod \ - crypto/EVP_DigestInit.pod crypto/EVP_EncryptInit.pod \ - crypto/EVP_OpenInit.pod crypto/EVP_SealInit.pod \ - crypto/EVP_SignInit.pod crypto/EVP_VerifyInit.pod \ - crypto/OPENSSL_VERSION_NUMBER.pod \ - crypto/OpenSSL_add_all_algorithms.pod crypto/RAND_add.pod \ - crypto/RAND_bytes.pod crypto/RAND_cleanup.pod \ - crypto/RAND_egd.pod crypto/RAND_load_file.pod \ - crypto/RAND_set_rand_method.pod crypto/RSA_blinding_on.pod \ - crypto/RSA_check_key.pod crypto/RSA_generate_key.pod \ - crypto/RSA_get_ex_new_index.pod crypto/RSA_new.pod \ - crypto/RSA_padding_add_PKCS1_type_1.pod crypto/RSA_print.pod \ - crypto/RSA_private_encrypt.pod crypto/RSA_public_encrypt.pod \ - crypto/RSA_set_method.pod crypto/RSA_sign.pod \ - crypto/RSA_sign_ASN1_OCTET_STRING.pod crypto/RSA_size.pod \ - crypto/bio.pod crypto/blowfish.pod crypto/bn.pod \ - crypto/bn_internal.pod crypto/buffer.pod crypto/crypto.pod \ - crypto/d2i_DHparams.pod crypto/d2i_RSAPublicKey.pod \ - crypto/des.pod crypto/des_modes.pod crypto/dh.pod \ - crypto/dsa.pod crypto/err.pod crypto/evp.pod crypto/hmac.pod \ - crypto/lh_stats.pod crypto/lhash.pod crypto/md5.pod \ - crypto/mdc2.pod crypto/rand.pod crypto/rc4.pod \ - crypto/ripemd.pod crypto/rsa.pod crypto/sha.pod \ - crypto/threads.pod - -POD3+= ssl/SSL_CIPHER_get_name.pod \ - ssl/SSL_CTX_add_extra_chain_cert.pod \ - ssl/SSL_CTX_add_session.pod ssl/SSL_CTX_flush_sessions.pod \ - ssl/SSL_CTX_free.pod ssl/SSL_CTX_get_ex_new_index.pod \ - ssl/SSL_CTX_get_verify_mode.pod \ - ssl/SSL_CTX_load_verify_locations.pod ssl/SSL_CTX_new.pod \ - ssl/SSL_CTX_sess_set_cache_size.pod ssl/SSL_CTX_sess_set_get_cb.pod \ - ssl/SSL_CTX_sessions.pod ssl/SSL_CTX_set_cipher_list.pod \ - ssl/SSL_CTX_set_client_CA_list.pod \ - ssl/SSL_CTX_set_client_cert_cb.pod \ - ssl/SSL_CTX_set_default_passwd_cb.pod ssl/SSL_CTX_set_options.pod\ - ssl/SSL_CTX_set_session_cache_mode.pod \ - ssl/SSL_CTX_set_session_id_context.pod \ - ssl/SSL_CTX_set_ssl_version.pod \ - ssl/SSL_CTX_set_timeout.pod ssl/SSL_CTX_set_verify.pod \ - ssl/SSL_CTX_use_certificate.pod ssl/SSL_SESSION_free.pod \ - ssl/SSL_SESSION_get_ex_new_index.pod \ - ssl/SSL_SESSION_get_time.pod \ - ssl/SSL_accept.pod ssl/SSL_clear.pod ssl/SSL_connect.pod \ - ssl/SSL_do_handshake.pod \ - ssl/SSL_free.pod ssl/SSL_get_ciphers.pod \ - ssl/SSL_get_client_CA_list.pod ssl/SSL_get_current_cipher.pod \ - ssl/SSL_get_error.pod ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod \ - ssl/SSL_get_ex_new_index.pod ssl/SSL_get_fd.pod \ - ssl/SSL_get_peer_cert_chain.pod ssl/SSL_get_peer_certificate.pod \ - ssl/SSL_get_rbio.pod ssl/SSL_get_session.pod \ - ssl/SSL_get_verify_result.pod ssl/SSL_library_init.pod \ - ssl/SSL_load_client_CA_file.pod ssl/SSL_new.pod ssl/SSL_pending.pod \ - ssl/SSL_read.pod ssl/SSL_set_bio.pod ssl/SSL_set_fd.pod \ - ssl/SSL_set_session.pod ssl/SSL_set_verify_result.pod \ - ssl/SSL_shutdown.pod ssl/SSL_write.pod ssl/d2i_SSL_SESSION.pod \ - ssl/ssl.pod ssl/SSL_CTX_sess_number.pod ssl/SSL_CTX_set_mode.pod \ - ssl/SSL_get_version.pod ssl/SSL_set_connect_state.pod \ - ssl/SSL_set_shutdown.pod ssl/SSL_alert_type_string.pod \ - ssl/SSL_COMP_add_compression_method.pod ssl/SSL_CTX_ctrl.pod \ - ssl/SSL_CTX_set_cert_store.pod \ - ssl/SSL_CTX_set_cert_verify_callback.pod \ - ssl/SSL_CTX_set_info_callback.pod ssl/SSL_CTX_set_quiet_shutdown.pod \ - ssl/SSL_CTX_set_tmp_dh_callback.pod \ - ssl/SSL_CTX_set_tmp_rsa_callback.pod ssl/SSL_get_default_timeout.pod \ - ssl/SSL_get_SSL_CTX.pod ssl/SSL_rstate_string.pod \ - ssl/SSL_session_reused.pod ssl/SSL_state_string.pod \ - ssl/SSL_want.pod - -POD5+= apps/config.pod - -.if defined(WANT_OPENSSL_MANPAGES) -.for section in 1 3 5 -.for pod in ${POD${section}} -.for target in ${pod:T:S/.pod/.${section}/g} -MAN+= ${target} -.endfor -.endfor -.endfor -.endif +# ui +SRCS+= ui_compat.c ui_err.c ui_lib.c ui_openssl.c ui_util.c -MAN+= des_crypt.3 +# x509 +SRCS+= by_dir.c by_file.c x509_att.c x509_cmp.c x509_d2.c \ + x509_def.c x509_err.c x509_ext.c x509_lu.c x509_obj.c \ + x509_r2x.c x509_req.c x509_set.c x509_trs.c x509_txt.c \ + x509_v3.c x509_vfy.c x509cset.c x509name.c x509rset.c \ + x509spki.c x509type.c x_all.c -MLINKS= des_crypt.3 des_read_password.3 \ - des_crypt.3 des_read_2password.3 des_crypt.3 des_string_to_key.3 \ - des_crypt.3 des_string_to_2key.3 des_crypt.3 des_read_pw_string.3 \ - des_crypt.3 des_random_key.3 des_crypt.3 des_set_key.3 \ - des_crypt.3 des_key_sched.3 des_crypt.3 des_ecb_encrypt.3 \ - des_crypt.3 des_3ecb_encrypt.3 des_crypt.3 des_cbc_encrypt.3 \ - des_crypt.3 des_3cbc_encrypt.3 des_crypt.3 des_pcbc_encrypt.3 \ - des_crypt.3 des_cfb_encrypt.3 des_crypt.3 des_ofb_encrypt.3 \ - des_crypt.3 des_cbc_cksum.3 des_crypt.3 des_quad_cksum.3 \ - des_crypt.3 des_enc_read.3 des_crypt.3 des_enc_write.3 \ - des_crypt.3 des_set_odd_parity.3 des_crypt.3 des_is_weak_key.3 +# x509v3 +SRCS+= v3_akey.c v3_akeya.c v3_alt.c v3_bcons.c v3_bitst.c \ + v3_conf.c v3_cpols.c v3_crld.c v3_enum.c v3_extku.c \ + v3_genn.c v3_ia5.c v3_info.c v3_int.c v3_lib.c v3_ocsp.c \ + v3_pku.c v3_prn.c v3_purp.c v3_skey.c v3_sxnet.c v3_utl.c v3err.c + +MAN3= ASN1_OBJECT_new.3 ASN1_STRING_length.3 ASN1_STRING_new.3 \ + ASN1_STRING_print_ex.3 BIO_ctrl.3 BIO_f_base64.3 BIO_f_buffer.3 \ + BIO_f_cipher.3 BIO_f_md.3 BIO_f_null.3 BIO_f_ssl.3 BIO_find_type.3 \ + BIO_new.3 BIO_push.3 BIO_read.3 BIO_s_accept.3 BIO_s_bio.3 \ + BIO_s_connect.3 BIO_s_fd.3 BIO_s_file.3 BIO_s_mem.3 BIO_s_null.3 \ + BIO_s_socket.3 BIO_set_callback.3 BIO_should_retry.3 BN_CTX_new.3 \ + BN_CTX_start.3 BN_add.3 BN_add_word.3 BN_bn2bin.3 BN_cmp.3 \ + BN_copy.3 BN_generate_prime.3 BN_mod_inverse.3 BN_mod_mul_montgomery.3 \ + BN_mod_mul_reciprocal.3 BN_new.3 BN_num_bytes.3 BN_rand.3 \ + BN_set_bit.3 BN_swap.3 BN_zero.3 CRYPTO_set_ex_data.3 \ + DH_generate_key.3 DH_generate_parameters.3 DH_get_ex_new_index.3 \ + DH_new.3 DH_set_method.3 DH_size.3 DSA_SIG_new.3 DSA_do_sign.3 \ + DSA_dup_DH.3 DSA_generate_key.3 DSA_generate_parameters.3 \ + DSA_get_ex_new_index.3 DSA_new.3 DSA_set_method.3 DSA_sign.3 \ + DSA_size.3 ERR_GET_LIB.3 ERR_clear_error.3 ERR_error_string.3 \ + ERR_get_error.3 ERR_load_crypto_strings.3 ERR_load_strings.3 \ + ERR_print_errors.3 ERR_put_error.3 ERR_remove_state.3 \ + EVP_BytesToKey.3 EVP_DigestInit.3 EVP_EncryptInit.3 EVP_OpenInit.3 \ + EVP_PKEY_new.3 EVP_PKEY_set1_RSA.3 EVP_SealInit.3 EVP_SignInit.3 \ + EVP_VerifyInit.3 OBJ_nid2obj.3 OPENSSL_VERSION_NUMBER.3 \ + OpenSSL_add_all_algorithms.3 PKCS12_create.3 PKCS12_parse.3 \ + PKCS7_decrypt.3 PKCS7_encrypt.3 PKCS7_sign.3 PKCS7_verify.3 \ + RAND_add.3 RAND_bytes.3 RAND_cleanup.3 RAND_egd.3 RAND_load_file.3 \ + RAND_set_rand_method.3 RSA_blinding_on.3 RSA_check_key.3 \ + RSA_generate_key.3 RSA_get_ex_new_index.3 RSA_new.3 \ + RSA_padding_add_PKCS1_type_1.3 RSA_print.3 RSA_private_encrypt.3 \ + RSA_public_encrypt.3 RSA_set_method.3 RSA_sign.3 \ + RSA_sign_ASN1_OCTET_STRING.3 RSA_size.3 SMIME_read_PKCS7.3 \ + SMIME_write_PKCS7.3 X509_NAME_ENTRY_get_object.3 \ + X509_NAME_add_entry_by_txt.3 X509_NAME_get_index_by_NID.3 \ + X509_NAME_print_ex.3 X509_new.3 bio.3 blowfish.3 bn.3 bn_internal.3 \ + buffer.3 crypto.3 d2i_ASN1_OBJECT.3 d2i_DHparams.3 d2i_DSAPublicKey.3 \ + d2i_PKCS8PrivateKey.3 d2i_RSAPublicKey.3 d2i_X509.3 d2i_X509_ALGOR.3 \ + d2i_X509_CRL.3 d2i_X509_NAME.3 d2i_X509_REQ.3 d2i_X509_SIG.3 \ + des.3 des_modes.3 dh.3 dsa.3 engine.3 err.3 evp.3 hmac.3 \ + lh_stats.3 lhash.3 md5.3 mdc2.3 pem.3 rand.3 rc4.3 ripemd.3 \ + rsa.3 sha.3 threads.3 ui.3 ui_compat.3 INCS= ${HDRS} openssl/evp.h openssl/opensslconf.h INCSDIR= ${INCLUDEDIR}/openssl -INCSLINKS= openssl/des.h ${INCLUDEDIR}/des.h -afterinstall: -.if !defined(NOPIC) -SYMLINKS+= lib${LIB}.so.${SHLIB_MAJOR} ${LIBDIR}/libdes.so.3 -SYMLINKS+= lib${LIB}.so.${SHLIB_MAJOR} ${LIBDIR}/libdes.so -.endif -SYMLINKS+= lib${LIB}.a ${LIBDIR}/libdes.a -.if !defined(NOPROFILE) -SYMLINKS+= lib${LIB}_p.a ${LIBDIR}/libdes_p.a +.include <bsd.lib.mk> + +.if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES +_ideapath= ${LCRYPTO_SRC}/crypto/idea .endif -.include <bsd.lib.mk> +.PATH: \ + ${LCRYPTO_SRC}/crypto \ + ${LCRYPTO_SRC}/crypto/aes \ + ${LCRYPTO_SRC}/crypto/asn1 \ + ${LCRYPTO_SRC}/crypto/bf \ + ${LCRYPTO_SRC}/crypto/bio \ + ${LCRYPTO_SRC}/crypto/bn \ + ${LCRYPTO_SRC}/crypto/buffer \ + ${LCRYPTO_SRC}/crypto/cast \ + ${LCRYPTO_SRC}/crypto/comp \ + ${LCRYPTO_SRC}/crypto/conf \ + ${LCRYPTO_SRC}/crypto/des \ + ${LCRYPTO_SRC}/crypto/dh \ + ${LCRYPTO_SRC}/crypto/dsa \ + ${LCRYPTO_SRC}/crypto/dso \ + ${LCRYPTO_SRC}/crypto/ec \ + ${LCRYPTO_SRC}/crypto/engine \ + ${LCRYPTO_SRC}/crypto/err \ + ${LCRYPTO_SRC}/crypto/evp \ + ${LCRYPTO_SRC}/crypto/hmac \ + ${_ideapath} \ + ${LCRYPTO_SRC}/crypto/krb5 \ + ${LCRYPTO_SRC}/crypto/lhash \ + ${LCRYPTO_SRC}/crypto/md2 \ + ${LCRYPTO_SRC}/crypto/md4 \ + ${LCRYPTO_SRC}/crypto/md5 \ + ${LCRYPTO_SRC}/crypto/mdc2 \ + ${LCRYPTO_SRC}/crypto/objects \ + ${LCRYPTO_SRC}/crypto/ocsp \ + ${LCRYPTO_SRC}/crypto/pem \ + ${LCRYPTO_SRC}/crypto/pkcs12 \ + ${LCRYPTO_SRC}/crypto/pkcs7 \ + ${LCRYPTO_SRC}/crypto/rand \ + ${LCRYPTO_SRC}/crypto/rc2 \ + ${LCRYPTO_SRC}/crypto/rc4 \ + ${LCRYPTO_SRC}/crypto/rc5 \ + ${LCRYPTO_SRC}/crypto/ripemd \ + ${LCRYPTO_SRC}/crypto/rsa \ + ${LCRYPTO_SRC}/crypto/sha \ + ${LCRYPTO_SRC}/crypto/stack \ + ${LCRYPTO_SRC}/crypto/threads \ + ${LCRYPTO_SRC}/crypto/txt_db \ + ${LCRYPTO_SRC}/crypto/ui \ + ${LCRYPTO_SRC}/crypto/x509 \ + ${LCRYPTO_SRC}/crypto/x509v3 \ + ${LCRYPTO_SRC} \ + ${.CURDIR}/man diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc index 5891d3a..97d97e4 100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@ -1,33 +1,71 @@ # $FreeBSD$ -LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl/crypto -CFLAGS+= -DTERMIOS -DANSI_SOURCE -I${LCRYPTO_SRC} -I${.OBJDIR} +LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl +LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc + +CFLAGS+= -DTERMIOS -DANSI_SOURCE -DOPENSSL_NO_KRB5 +CFLAGS+= -I${LCRYPTO_SRC} -I${LCRYPTO_SRC}/crypto -I${.OBJDIR} + .if !defined(MAKE_IDEA) || ${MAKE_IDEA} != YES -CFLAGS+= -DNO_IDEA +CFLAGS+= -DNO_IDEA +.else +_idea_h= idea/idea.h .endif .if ${MACHINE_ARCH} == "i386" -CFLAGS+= -DL_ENDIAN -DSHA1_ASM -DBN_ASM -DMD5_ASM -DRMD160_ASM +CFLAGS+= -DL_ENDIAN .elif ${MACHINE_ARCH} == "alpha" # no ENDIAN stuff defined for alpha (64-bit) .endif -WITH_RSA?= YES - -HDRS+= asn1/asn1.h asn1/asn1_mac.h bio/bio.h bf/blowfish.h bn/bn.h \ - buffer/buffer.h cast/cast.h comp/comp.h conf/conf.h crypto.h \ - des/des.h dh/dh.h dsa/dsa.h ../e_os.h ../e_os2.h ebcdic.h \ - err/err.h hmac/hmac.h lhash/lhash.h md2/md2.h \ - md5/md5.h mdc2/mdc2.h objects/objects.h opensslv.h pem/pem.h \ - pem/pem2.h pkcs12/pkcs12.h pkcs7/pkcs7.h rand/rand.h rc2/rc2.h \ - rc4/rc4.h rc5/rc5.h ripemd/ripemd.h rsa/rsa.h stack/safestack.h \ - sha/sha.h stack/stack.h tmdiff.h txt_db/txt_db.h x509/x509.h \ - x509/x509_vfy.h x509v3/x509v3.h symhacks.h objects/obj_mac.h \ - md4/md4.h dso/dso.h conf/conf_api.h - -.if defined(MAKE_IDEA) && ${MAKE_IDEA} == YES -HDRS+= idea/idea.h -.endif +HDRS+= \ + ../e_os.h ../e_os2.h \ + crypto.h \ + ebcdic.h \ + opensslv.h \ + ossl_typ.h \ + symhacks.h \ + tmdiff.h \ + aes/aes.h aes/aes_locl.h \ + asn1/asn1.h asn1/asn1_mac.h asn1/asn1t.h \ + bio/bio.h \ + bf/blowfish.h \ + bn/bn.h \ + buffer/buffer.h \ + cast/cast.h \ + comp/comp.h \ + conf/conf.h conf/conf_api.h \ + des/des.h des/des_old.h \ + dh/dh.h \ + dsa/dsa.h \ + dso/dso.h \ + ec/ec.h \ + engine/eng_int.h engine/engine.h engine/hw_4758_cca_err.h \ + engine/hw_aep_err.h engine/hw_atalla_err.h engine/hw_cswift_err.h \ + engine/hw_ncipher_err.h engine/hw_nuron_err.h engine/hw_sureware_err.h \ + engine/hw_ubsec_err.h \ + err/err.h \ + hmac/hmac.h \ + ${_idea_h} \ + krb5/krb5_asn.h \ + lhash/lhash.h \ + md2/md2.h \ + md4/md4.h \ + md5/md5.h \ + mdc2/mdc2.h \ + ocsp/ocsp.h \ + objects/objects.h objects/obj_mac.h \ + pem/pem.h pem/pem2.h \ + pkcs12/pkcs12.h pkcs7/pkcs7.h \ + rand/rand.h \ + rc2/rc2.h rc4/rc4.h rc5/rc5.h \ + ripemd/ripemd.h \ + rsa/rsa.h \ + stack/stack.h stack/safestack.h \ + sha/sha.h \ + txt_db/txt_db.h \ + ui/ui.h ui/ui_compat.h ui/ui_locl.h \ + x509/x509.h x509/x509_vfy.h x509v3/x509v3.h SRCS+= buildinf.h openssl/opensslconf.h openssl/evp.h CLEANFILES+= buildinf.h openssl/opensslconf.h openssl/evp.h @@ -41,11 +79,11 @@ buildinf.h: echo " #define DATE \"`LC_ALL=C date`\""; \ echo "#endif" ) > ${.TARGET} -openssl/opensslconf.h: ../libcrypto/opensslconf-${MACHINE_ARCH}.h +openssl/opensslconf.h: ../../lib/libcrypto/opensslconf-${MACHINE_ARCH}.h mkdir -p openssl cp ${.OODATE} ${.TARGET} -openssl/evp.h: ${LCRYPTO_SRC}/evp/evp.h +openssl/evp.h: ${LCRYPTO_SRC}/crypto/evp/evp.h mkdir -p openssl .if !defined(MAKE_IDEA) || ${MAKE_IDEA} != YES sed '/^#ifndef NO_IDEA$$/,/^#endif$$/d' ${.OODATE} > ${.TARGET} @@ -54,8 +92,17 @@ openssl/evp.h: ${LCRYPTO_SRC}/evp/evp.h .endif SRCS+= ${HDRS:T:S;^;openssl/;} -.for h in ${HDRS:S/^/${LCRYPTO_SRC}\//} +.for h in ${HDRS:S/^/${LCRYPTO_SRC}\/crypto\//} openssl/${h:T}: ${h} mkdir -p openssl ${INSTALL} -C -m 444 ${h} openssl .endfor + +man-update: + for i in `( cd ${LCRYPTO_DOC}/${LIB}${PROG} ; ls *.pod )` ; do \ + cp ${LCRYPTO_DOC}/${LIB}/$$i . ;\ + pod2man --section=3 --release="0.9.7" --center="OpenSSL" \ + $$i > ${.CURDIR}/man/$${i%%.pod}.3 ;\ + rm $$i ;\ + echo $${i%%.pod} ;\ + done diff --git a/secure/lib/libcrypto/des_crypt.3 b/secure/lib/libcrypto/des_crypt.3 deleted file mode 100644 index ed12ff9..0000000 --- a/secure/lib/libcrypto/des_crypt.3 +++ /dev/null @@ -1,509 +0,0 @@ -.\" $FreeBSD$ -.TH DES_CRYPT 3 -.SH NAME -des_read_password, des_read_2password, -des_string_to_key, des_string_to_2key, des_read_pw_string, -des_random_key, des_set_key, -des_key_sched, des_ecb_encrypt, des_ecb3_encrypt, des_cbc_encrypt, -des_3cbc_encrypt, -des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt, -des_cbc_cksum, des_quad_cksum, -des_enc_read, des_enc_write, des_set_odd_parity, -des_is_weak_key, crypt \- (non USA) DES encryption -.SH SYNOPSIS -.nf -.nj -.ft B -#include <openssl/des.h> -.PP -.B int des_read_password(key,prompt,verify) -des_cblock *key; -char *prompt; -int verify; -.PP -.B int des_read_2password(key1,key2,prompt,verify) -des_cblock *key1,*key2; -char *prompt; -int verify; -.PP -.B int des_string_to_key(str,key) -char *str; -des_cblock *key; -.PP -.B int des_string_to_2keys(str,key1,key2) -char *str; -des_cblock *key1,*key2; -.PP -.B int des_read_pw_string(buf,length,prompt,verify) -char *buf; -int length; -char *prompt; -int verify; -.PP -.B int des_random_key(key) -des_cblock *key; -.PP -.B int des_set_key(key,schedule) -des_cblock *key; -des_key_schedule schedule; -.PP -.B int des_key_sched(key,schedule) -des_cblock *key; -des_key_schedule schedule; -.PP -.B int des_ecb_encrypt(input,output,schedule,encrypt) -des_cblock *input; -des_cblock *output; -des_key_schedule schedule; -int encrypt; -.PP -.B int des_ecb3_encrypt(input,output,ks1,ks2,encrypt) -des_cblock *input; -des_cblock *output; -des_key_schedule ks1,ks2; -int encrypt; -.PP -.B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt) -des_cblock *input; -des_cblock *output; -long length; -des_key_schedule schedule; -des_cblock *ivec; -int encrypt; -.PP -.B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt) -des_cblock *input; -des_cblock *output; -long length; -des_key_schedule sk1; -des_key_schedule sk2; -des_cblock *ivec1; -des_cblock *ivec2; -int encrypt; -.PP -.B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt) -des_cblock *input; -des_cblock *output; -long length; -des_key_schedule schedule; -des_cblock *ivec; -int encrypt; -.PP -.B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt) -unsigned char *input; -unsigned char *output; -int numbits; -long length; -des_key_schedule schedule; -des_cblock *ivec; -int encrypt; -.PP -.B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec) -unsigned char *input,*output; -int numbits; -long length; -des_key_schedule schedule; -des_cblock *ivec; -.PP -.B unsigned long des_cbc_cksum(input,output,length,schedule,ivec) -des_cblock *input; -des_cblock *output; -long length; -des_key_schedule schedule; -des_cblock *ivec; -.PP -.B unsigned long des_quad_cksum(input,output,length,out_count,seed) -des_cblock *input; -des_cblock *output; -long length; -int out_count; -des_cblock *seed; -.PP -.B int des_check_key; -.PP -.B int des_enc_read(fd,buf,len,sched,iv) -int fd; -char *buf; -int len; -des_key_schedule sched; -des_cblock *iv; -.PP -.B int des_enc_write(fd,buf,len,sched,iv) -int fd; -char *buf; -int len; -des_key_schedule sched; -des_cblock *iv; -.PP -.B extern int des_rw_mode; -.PP -.B void des_set_odd_parity(key) -des_cblock *key; -.PP -.B int des_is_weak_key(key) -des_cblock *key; -.PP -.B char *crypt(passwd,salt) -char *passwd; -char *salt; -.PP -.fi -.SH DESCRIPTION -This library contains a fast implementation of the DES encryption -algorithm. -.PP -There are two phases to the use of DES encryption. -The first is the generation of a -.I des_key_schedule -from a key, -the second is the actual encryption. -A des key is of type -.I des_cblock. -This type is made from 8 characters with odd parity. -The least significant bit in the character is the parity bit. -The key schedule is an expanded form of the key; it is used to speed the -encryption process. -.PP -.I des_read_password -writes the string specified by prompt to the standard output, -turns off echo and reads an input string from standard input -until terminated with a newline. -If verify is non-zero, it prompts and reads the input again and verifies -that both entered passwords are the same. -The entered string is converted into a des key by using the -.I des_string_to_key -routine. -The new key is placed in the -.I des_cblock -that was passed (by reference) to the routine. -If there were no errors, -.I des_read_password -returns 0, --1 is returned if there was a terminal error and 1 is returned for -any other error. -.PP -.I des_read_2password -operates in the same way as -.I des_read_password -except that it generates 2 keys by using the -.I des_string_to_2key -function. -.PP -.I des_read_pw_string -is called by -.I des_read_password -to read and verify a string from a terminal device. -The string is returned in -.I buf. -The size of -.I buf -is passed to the routine via the -.I length -parameter. -.PP -.I des_string_to_key -converts a string into a valid des key. -.PP -.I des_string_to_2key -converts a string into 2 valid des keys. -This routine is best suited for used to generate keys for use with -.I des_ecb3_encrypt. -.PP -.I des_random_key -returns a random key that is made of a combination of process id, -time and an increasing counter. -.PP -Before a des key can be used it is converted into a -.I des_key_schedule -via the -.I des_set_key -routine. -If the -.I des_check_key -flag is non-zero, -.I des_set_key -will check that the key passed is of odd parity and is not a week or -semi-weak key. -If the parity is wrong, -then -1 is returned. -If the key is a weak key, -then -2 is returned. -If an error is returned, -the key schedule is not generated. -.PP -.I des_key_sched -is another name for the -.I des_set_key -function. -.PP -The following routines mostly operate on an input and output stream of -.I des_cblock's. -.PP -.I des_ecb_encrypt -is the basic DES encryption routine that encrypts or decrypts a single 8-byte -.I des_cblock -in -.I electronic code book -mode. -It always transforms the input data, pointed to by -.I input, -into the output data, -pointed to by the -.I output -argument. -If the -.I encrypt -argument is non-zero (DES_ENCRYPT), -the -.I input -(cleartext) is encrypted in to the -.I output -(ciphertext) using the key_schedule specified by the -.I schedule -argument, -previously set via -.I des_set_key. -If -.I encrypt -is zero (DES_DECRYPT), -the -.I input -(now ciphertext) -is decrypted into the -.I output -(now cleartext). -Input and output may overlap. -No meaningful value is returned. -.PP -.I des_ecb3_encrypt -encrypts/decrypts the -.I input -block by using triple ecb DES encryption. -This involves encrypting the input with -.I ks1, -decryption with the key schedule -.I ks2, -and then encryption with the first again. -This routine greatly reduces the chances of brute force breaking of -DES and has the advantage of if -.I ks1 -and -.I ks2 -are the same, it is equivalent to just encryption using ecb mode and -.I ks1 -as the key. -.PP -.I des_cbc_encrypt -encrypts/decrypts using the -.I cipher-block-chaining -mode of DES. -If the -.I encrypt -argument is non-zero, -the routine cipher-block-chain encrypts the cleartext data pointed to by the -.I input -argument into the ciphertext pointed to by the -.I output -argument, -using the key schedule provided by the -.I schedule -argument, -and initialisation vector provided by the -.I ivec -argument. -If the -.I length -argument is not an integral multiple of eight bytes, -the last block is copied to a temporary area and zero filled. -The output is always -an integral multiple of eight bytes. -To make multiple cbc encrypt calls on a large amount of data appear to -be one -.I des_cbc_encrypt -call, the -.I ivec -of subsequent calls should be the last 8 bytes of the output. -.PP -.I des_3cbc_encrypt -encrypts/decrypts the -.I input -block by using triple cbc DES encryption. -This involves encrypting the input with key schedule -.I ks1, -decryption with the key schedule -.I ks2, -and then encryption with the first again. -2 initialisation vectors are required, -.I ivec1 -and -.I ivec2. -Unlike -.I des_cbc_encrypt, -these initialisation vectors are modified by the subroutine. -This routine greatly reduces the chances of brute force breaking of -DES and has the advantage of if -.I ks1 -and -.I ks2 -are the same, it is equivalent to just encryption using cbc mode and -.I ks1 -as the key. -.PP -.I des_pcbc_encrypt -encrypt/decrypts using a modified block chaining mode. -It provides better error propagation characteristics than cbc -encryption. -.PP -.I des_cfb_encrypt -encrypt/decrypts using cipher feedback mode. This method takes an -array of characters as input and outputs and array of characters. It -does not require any padding to 8 character groups. Note: the ivec -variable is changed and the new changed value needs to be passed to -the next call to this function. Since this function runs a complete -DES ecb encryption per numbits, this function is only suggested for -use when sending small numbers of characters. -.PP -.I des_ofb_encrypt -encrypt using output feedback mode. This method takes an -array of characters as input and outputs and array of characters. It -does not require any padding to 8 character groups. Note: the ivec -variable is changed and the new changed value needs to be passed to -the next call to this function. Since this function runs a complete -DES ecb encryption per numbits, this function is only suggested for -use when sending small numbers of characters. -.PP -.I des_cbc_cksum -produces an 8 byte checksum based on the input stream (via cbc encryption). -The last 4 bytes of the checksum is returned and the complete 8 bytes is -placed in -.I output. -.PP -.I des_quad_cksum -returns a 4 byte checksum from the input bytes. -The algorithm can be iterated over the input, -depending on -.I out_count, -1, 2, 3 or 4 times. -If -.I output -is non-NULL, -the 8 bytes generated by each pass are written into -.I output. -.PP -.I des_enc_write -is used to write -.I len -bytes -to file descriptor -.I fd -from buffer -.I buf. -The data is encrypted via -.I pcbc_encrypt -(default) using -.I sched -for the key and -.I iv -as a starting vector. -The actual data send down -.I fd -consists of 4 bytes (in network byte order) containing the length of the -following encrypted data. The encrypted data then follows, padded with random -data out to a multiple of 8 bytes. -.PP -.I des_enc_read -is used to read -.I len -bytes -from file descriptor -.I fd -into buffer -.I buf. -The data being read from -.I fd -is assumed to have come from -.I des_enc_write -and is decrypted using -.I sched -for the key schedule and -.I iv -for the initial vector. -The -.I des_enc_read/des_enc_write -pair can be used to read/write to files, pipes and sockets. -I have used them in implementing a version of rlogin in which all -data is encrypted. -.PP -.I des_rw_mode -is used to specify the encryption mode to use with -.I des_enc_read -and -.I des_end_write. -If set to -.I DES_PCBC_MODE -(the default), des_pcbc_encrypt is used. -If set to -.I DES_CBC_MODE -des_cbc_encrypt is used. -These two routines and the variable are not part of the normal MIT library. -.PP -.I des_set_odd_parity -sets the parity of the passed -.I key -to odd. This routine is not part of the standard MIT library. -.PP -.I des_is_weak_key -returns 1 is the passed key is a weak key (pick again :-), -0 if it is ok. -This routine is not part of the standard MIT library. -.PP -.I crypt -is a replacement for the normal system crypt. -It is much faster than the system crypt. -.PP -.SH FILES -/usr/include/openssl/des.h -.br -/usr/lib/libcrypto.a -.PP -The encryption routines have been tested on 16bit, 32bit and 64bit -machines of various endian and even works under VMS. -.PP -.SH BUGS -.PP -If you think this manual is sparse, -read the des_crypt(3) manual from the MIT kerberos (or bones outside -of the USA) distribution. -.PP -.I des_cfb_encrypt -and -.I des_ofb_encrypt -operates on input of 8 bits. What this means is that if you set -numbits to 12, and length to 2, the first 12 bits will come from the 1st -input byte and the low half of the second input byte. The second 12 -bits will have the low 8 bits taken from the 3rd input byte and the -top 4 bits taken from the 4th input byte. The same holds for output. -This function has been implemented this way because most people will -be using a multiple of 8 and because once you get into pulling bytes input -bytes apart things get ugly! -.PP -.I des_read_pw_string -is the most machine/OS dependent function and normally generates the -most problems when porting this code. -.PP -.I des_string_to_key -is probably different from the MIT version since there are lots -of fun ways to implement one-way encryption of a text string. -.PP -The routines are optimised for 32 bit machines and so are not efficient -on IBM PCs. -.PP -NOTE: extensive work has been done on this library since this document -was origionally written. Please try to read des.doc from the libdes -distribution since it is far more upto date and documents more of the -functions. Libdes is now also being shipped as part of SSLeay, a -general cryptographic library that amonst other things implements -netscapes SSL protocoll. The most recent version can be found in -SSLeay distributions. -.SH AUTHOR -Eric Young (eay@cryptsoft.com) diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 new file mode 100644 index 0000000..8efcba9 --- /dev/null +++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:26:45 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ASN1_OBJECT_new 3" +.TH ASN1_OBJECT_new 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& ASN1_OBJECT *ASN1_OBJECT_new(void); +\& void ASN1_OBJECT_free(ASN1_OBJECT *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ASN1_OBJECT\s0 allocation routines, allocate and free an +\&\s-1ASN1_OBJECT\s0 structure, which represents an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +.PP +\&\fIASN1_OBJECT_new()\fR allocates and initializes a \s-1ASN1_OBJECT\s0 structure. +.PP +\&\fIASN1_OBJECT_free()\fR frees up the \fB\s-1ASN1_OBJECT\s0\fR structure \fBa\fR. +.SH "NOTES" +.IX Header "NOTES" +Although \fIASN1_OBJECT_new()\fR allocates a new \s-1ASN1_OBJECT\s0 structure it +is almost never used in applications. The \s-1ASN1\s0 object utility functions +such as \fIOBJ_nid2obj()\fR are used instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIASN1_OBJECT_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by ERR_get_error(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fIASN1_OBJECT_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), d2i_ASN1_OBJECT(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIASN1_OBJECT_new()\fR and \fIASN1_OBJECT_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3 new file mode 100644 index 0000000..f824b27 --- /dev/null +++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3 @@ -0,0 +1,221 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:26:46 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ASN1_STRING_length 3" +.TH ASN1_STRING_length 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length, +ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data \- +\&\s-1ASN1_STRING\s0 utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& int ASN1_STRING_length(ASN1_STRING *x); +\& unsigned char * ASN1_STRING_data(ASN1_STRING *x); +.Ve +.Vb 1 +\& ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); +.Ve +.Vb 1 +\& int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); +.Ve +.Vb 1 +\& int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +.Ve +.Vb 1 +\& int ASN1_STRING_type(ASN1_STRING *x); +.Ve +.Vb 1 +\& int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fB\s-1ASN1_STRING\s0\fR structure to be manipulated. +.PP +\&\fIASN1_STRING_length()\fR returns the length of the content of \fBx\fR. +.PP +\&\fIASN1_STRING_data()\fR returns an internal pointer to the data of \fBx\fR. +Since this is an internal pointer it should \fBnot\fR be freed or +modified in any way. +.PP +\&\fIASN1_STRING_dup()\fR returns a copy of the structure \fBa\fR. +.PP +\&\fIASN1_STRING_cmp()\fR compares \fBa\fR and \fBb\fR returning 0 if the two +are identical. The string types and content are compared. +.PP +\&\fIASN1_STRING_set()\fR sets the data of string \fBstr\fR to the buffer +\&\fBdata\fR or length \fBlen\fR. The supplied data is copied. If \fBlen\fR +is \-1 then the length is determined by strlen(data). +.PP +\&\fIASN1_STRING_type()\fR returns the type of \fBx\fR, using standard constants +such as \fBV_ASN1_OCTET_STRING\fR. +.PP +\&\fIASN1_STRING_to_UTF8()\fR converts the string \fBin\fR to \s-1UTF8\s0 format, the +converted data is allocated in a buffer in \fB*out\fR. The length of +\&\fBout\fR is returned or a negative error code. The buffer \fB*out\fR +should be free using \fIOPENSSL_free()\fR. +.SH "NOTES" +.IX Header "NOTES" +Almost all \s-1ASN1\s0 types in OpenSSL are represented as an \fB\s-1ASN1_STRING\s0\fR +structure. Other types such as \fB\s-1ASN1_OCTET_STRING\s0\fR are simply typedefed +to \fB\s-1ASN1_STRING\s0\fR and the functions call the \fB\s-1ASN1_STRING\s0\fR equivalents. +\&\fB\s-1ASN1_STRING\s0\fR is also used for some \fB\s-1CHOICE\s0\fR types which consist +entirely of primitive string types such as \fBDirectoryString\fR and +\&\fBTime\fR. +.PP +These functions should \fBnot\fR be used to examine or modify \fB\s-1ASN1_INTEGER\s0\fR +or \fB\s-1ASN1_ENUMERATED\s0\fR types: the relevant \fB\s-1INTEGER\s0\fR or \fB\s-1ENUMERATED\s0\fR +utility functions should be used instead. +.PP +In general it cannot be assumed that the data returned by \fIASN1_STRING_data()\fR +is null terminated or does not contain embedded nulls. The actual format +of the data will depend on the actual string type itself: for example +for and IA5String the data will be \s-1ASCII\s0, for a BMPString two bytes per +character in big endian format, UTF8String will be in \s-1UTF8\s0 format. +.PP +Similar care should be take to ensure the data is in the correct format +when calling \fIASN1_STRING_set()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3 new file mode 100644 index 0000000..6942784 --- /dev/null +++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:26:47 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ASN1_STRING_new 3" +.TH ASN1_STRING_new 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \- +\&\s-1ASN1_STRING\s0 allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& ASN1_STRING * ASN1_STRING_new(void); +\& ASN1_STRING * ASN1_STRING_type_new(int type); +\& void ASN1_STRING_free(ASN1_STRING *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIASN1_STRING_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure. Its type +is undefined. +.PP +\&\fIASN1_STRING_type_new()\fR returns an allocated \fB\s-1ASN1_STRING\s0\fR structure of +type \fBtype\fR. +.PP +\&\fIASN1_STRING_free()\fR frees up \fBa\fR. +.SH "NOTES" +.IX Header "NOTES" +Other string types call the \fB\s-1ASN1_STRING\s0\fR functions. For example +\&\fIASN1_OCTET_STRING_new()\fR calls ASN1_STRING_type(V_ASN1_OCTET_STRING). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIASN1_STRING_new()\fR and \fIASN1_STRING_type_new()\fR return a valid +\&\s-1ASN1_STRING\s0 structure or \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIASN1_STRING_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 new file mode 100644 index 0000000..d18ebec --- /dev/null +++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 @@ -0,0 +1,230 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:26:48 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ASN1_STRING_print_ex 3" +.TH ASN1_STRING_print_ex 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp \- \s-1ASN1_STRING\s0 output routines. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/asn1.h> +.Ve +.Vb 3 +\& int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); +\& int ASN1_STRING_print(BIO *out, ASN1_STRING *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions output an \fB\s-1ASN1_STRING\s0\fR structure. \fB\s-1ASN1_STRING\s0\fR is used to +represent all the \s-1ASN1\s0 string types. +.PP +\&\fIASN1_STRING_print_ex()\fR outputs \fBstr\fR to \fBout\fR, the format is determined by +the options \fBflags\fR. \fIASN1_STRING_print_ex_fp()\fR is identical except it outputs +to \fBfp\fR instead. +.PP +\&\fIASN1_STRING_print()\fR prints \fBstr\fR to \fBout\fR but using a different format to +\&\fIASN1_STRING_print_ex()\fR. It replaces unprintable characters (other than \s-1CR\s0, \s-1LF\s0) +with '.'. +.SH "NOTES" +.IX Header "NOTES" +\&\fIASN1_STRING_print()\fR is a legacy function which should be avoided in new applications. +.PP +Although there are a large number of options frequently \fB\s-1ASN1_STRFLAGS_RFC2253\s0\fR is +suitable, or on \s-1UTF8\s0 terminals \fB\s-1ASN1_STRFLAGS_RFC2253\s0 & ~ASN1_STRFLAGS_ESC_MSB\fR. +.PP +The complete set of supported options for \fBflags\fR is listed below. +.PP +Various characters can be escaped. If \fB\s-1ASN1_STRFLGS_ESC_2253\s0\fR is set the characters +determined by \s-1RFC2253\s0 are escaped. If \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0\fR is set control +characters are escaped. If \fB\s-1ASN1_STRFLGS_ESC_MSB\s0\fR is set characters with the +\&\s-1MSB\s0 set are escaped: this option should \fBnot\fR be used if the terminal correctly +interprets \s-1UTF8\s0 sequences. +.PP +Escaping takes several forms. +.PP +If the character being escaped is a 16 bit character then the form \*(L"\eWXXXX\*(R" is used +using exactly four characters for the hex representation. If it is 32 bits then +\&\*(L"\eUXXXXXXXX\*(R" is used using eight characters of its hex representation. These forms +will only be used if \s-1UTF8\s0 conversion is not set (see below). +.PP +Printable characters are normally escaped using the backslash '\e' character. If +\&\fB\s-1ASN1_STRFLGS_ESC_QUOTE\s0\fR is set then the whole string is instead surrounded by +double quote characters: this is arguably more readable than the backslash +notation. Other characters use the \*(L"\eXX\*(R" using exactly two characters of the hex +representation. +.PP +If \fB\s-1ASN1_STRFLGS_UTF8_CONVERT\s0\fR is set then characters are converted to \s-1UTF8\s0 +format first. If the terminal supports the display of \s-1UTF8\s0 sequences then this +option will correctly display multi byte characters. +.PP +If \fB\s-1ASN1_STRFLGS_IGNORE_TYPE\s0\fR is set then the string type is not interpreted at +all: everything is assumed to be one byte per character. This is primarily for +debugging purposes and can result in confusing output in multi character strings. +.PP +If \fB\s-1ASN1_STRFLGS_SHOW_TYPE\s0\fR is set then the string type itself is printed out +before its value (for example \*(L"\s-1BMPSTRING\s0\*(R"), this actually uses \fIASN1_tag2str()\fR. +.PP +The content of a string instead of being interpreted can be \*(L"dumped\*(R": this just +outputs the value of the string using the form #XXXX using hex format for each +octet. +.PP +If \fB\s-1ASN1_STRFLGS_DUMP_ALL\s0\fR is set then any type is dumped. +.PP +Normally non character string types (such as \s-1OCTET\s0 \s-1STRING\s0) are assumed to be +one byte per character, if \fB\s-1ASN1_STRFLAGS_DUMP_UNKNOWN\s0\fR is set then they will +be dumped instead. +.PP +When a type is dumped normally just the content octets are printed, if +\&\fB\s-1ASN1_STRFLGS_DUMP_DER\s0\fR is set then the complete encoding is dumped +instead (including tag and length octets). +.PP +\&\fB\s-1ASN1_STRFLGS_RFC2253\s0\fR includes all the flags required by \s-1RFC2253\s0. It is +equivalent to: + \s-1ASN1_STRFLGS_ESC_2253\s0 | \s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | + \s-1ASN1_STRFLGS_UTF8_CONVERT\s0 | \s-1ASN1_STRFLGS_DUMP_UNKNOWN\s0 \s-1ASN1_STRFLGS_DUMP_DER\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +X509_NAME_print_ex(3), +ASN1_tag2str(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 index c7262a0..8f4965e 100644 --- a/secure/lib/libcrypto/man/BIO_ctrl.3 +++ b/secure/lib/libcrypto/man/BIO_ctrl.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:01 2002 +.\" Mon Jan 13 19:26:49 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_ctrl 3" -.TH BIO_ctrl 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_ctrl 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 index b525daa..21f513c 100644 --- a/secure/lib/libcrypto/man/BIO_f_base64.3 +++ b/secure/lib/libcrypto/man/BIO_f_base64.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:01 2002 +.\" Mon Jan 13 19:26:50 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_base64 3" -.TH BIO_f_base64 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_base64 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_base64 \- base64 \s-1BIO\s0 filter diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 index 5cb75b3..004c9e0 100644 --- a/secure/lib/libcrypto/man/BIO_f_buffer.3 +++ b/secure/lib/libcrypto/man/BIO_f_buffer.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:02 2002 +.\" Mon Jan 13 19:26:52 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_buffer 3" -.TH BIO_f_buffer 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_buffer 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_buffer \- buffering \s-1BIO\s0 diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 index a069642..dc6631b 100644 --- a/secure/lib/libcrypto/man/BIO_f_cipher.3 +++ b/secure/lib/libcrypto/man/BIO_f_cipher.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:03 2002 +.\" Mon Jan 13 19:26:53 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_cipher 3" -.TH BIO_f_cipher 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_cipher 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher \s-1BIO\s0 filter diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 index 3b9e097..e18bf11 100644 --- a/secure/lib/libcrypto/man/BIO_f_md.3 +++ b/secure/lib/libcrypto/man/BIO_f_md.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:03 2002 +.\" Mon Jan 13 19:26:54 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_md 3" -.TH BIO_f_md 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_md 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest \s-1BIO\s0 filter @@ -168,7 +168,7 @@ Any data written or read through a digest \s-1BIO\s0 using \fIBIO_read()\fR and digest calculation and returns the digest value. \fIBIO_puts()\fR is not supported. .PP -\&\fIBIO_reset()\fR reinitializes a digest \s-1BIO\s0. +\&\fIBIO_reset()\fR reinitialises a digest \s-1BIO\s0. .PP \&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this must be called to initialize a digest \s-1BIO\s0 before any data is diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 index f1d9b02..09f121c 100644 --- a/secure/lib/libcrypto/man/BIO_f_null.3 +++ b/secure/lib/libcrypto/man/BIO_f_null.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:04 2002 +.\" Mon Jan 13 19:26:55 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_null 3" -.TH BIO_f_null 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_null 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_null \- null filter diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 index 1e8d72a..6e8899a 100644 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:05 2002 +.\" Mon Jan 13 19:26:56 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_f_ssl 3" -.TH BIO_f_ssl 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_f_ssl 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 index e11997d..e310bf8 100644 --- a/secure/lib/libcrypto/man/BIO_find_type.3 +++ b/secure/lib/libcrypto/man/BIO_find_type.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:05 2002 +.\" Mon Jan 13 19:26:57 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_find_type 3" -.TH BIO_find_type 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_find_type 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_find_type, BIO_next \- \s-1BIO\s0 chain traversal diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 index ca5f4f8..138c367 100644 --- a/secure/lib/libcrypto/man/BIO_new.3 +++ b/secure/lib/libcrypto/man/BIO_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:06 2002 +.\" Mon Jan 13 19:26:58 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_new 3" -.TH BIO_new 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- \s-1BIO\s0 allocation and freeing functions diff --git a/secure/lib/libcrypto/man/BIO_new_bio_pair.3 b/secure/lib/libcrypto/man/BIO_new_bio_pair.3 deleted file mode 100644 index d867de6..0000000 --- a/secure/lib/libcrypto/man/BIO_new_bio_pair.3 +++ /dev/null @@ -1,232 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:06 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "BIO_new_bio_pair 3" -.TH BIO_new_bio_pair 3 "0.9.6e" "2000-11-12" "OpenSSL" -.UC -.SH "NAME" -BIO_new_bio_pair \- create a new \s-1BIO\s0 pair -.SH "SYNOPSIS" -.IX Header "SYNOPSIS" -.Vb 1 -\& #include <openssl/bio.h> -.Ve -.Vb 1 -\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); -.Ve -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -\&\fIBIO_new_bio_pair()\fR creates a buffering \s-1BIO\s0 pair. It has two endpoints between -data can be buffered. Its typical use is to connect one endpoint as underlying -input/output \s-1BIO\s0 to an \s-1SSL\s0 and access the other one controlled by the program -instead of accessing the network connection directly. -.PP -The two new BIOs \fBbio1\fR and \fBbio2\fR are symmetric with respect to their -functionality. The size of their buffers is determined by \fBwritebuf1\fR and -\&\fBwritebuf2\fR. If the size give is 0, the default size is used. -.PP -\&\fIBIO_new_bio_pair()\fR does not check whether \fBbio1\fR or \fBbio2\fR do point to -some other \s-1BIO\s0, the values are overwritten, \fIBIO_free()\fR is not called. -.PP -The two BIOs, even though forming a \s-1BIO\s0 pair and must be \fIBIO_free()\fR'ed -separately. This can be of importance, as some SSL-functions like \fISSL_set_bio()\fR -or \fISSL_free()\fR call \fIBIO_free()\fR implicitly, so that the peer-BIO is left -untouched and must also be \fIBIO_free()\fR'ed. -.SH "EXAMPLE" -.IX Header "EXAMPLE" -The \s-1BIO\s0 pair can be used to have full control over the network access of an -application. The application can call \fIselect()\fR on the socket as required -without having to go through the SSL-interface. -.PP -.Vb 6 -\& BIO *internal_bio, *network_bio; -\& ... -\& BIO_new_bio_pair(internal_bio, 0, network_bio, 0); -\& SSL_set_bio(ssl, internal_bio); -\& SSL_operations(); -\& ... -.Ve -.Vb 9 -\& application | TLS-engine -\& | | -\& +----------> SSL_operations() -\& | /\e || -\& | || \e/ -\& | BIO-pair (internal_bio) -\& +----------< BIO-pair (network_bio) -\& | | -\& socket | -.Ve -.Vb 4 -\& ... -\& SSL_free(ssl); /* implicitly frees internal_bio */ -\& BIO_free(network_bio); -\& ... -.Ve -As the \s-1BIO\s0 pair will only buffer the data and never directly access the -connection, it behaves non-blocking and will return as soon as the write -buffer is full or the read buffer is drained. Then the application has to -flush the write buffer and/or fill the read buffer. -.PP -Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 -and must be transfered to the network. Use \fIBIO_ctrl_get_read_request()\fR to -find out, how many bytes must be written into the buffer before the -\&\fISSL_operation()\fR can successfully be continued. -.SH "IMPORTANT" -.IX Header "IMPORTANT" -As the data is buffered, \fISSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0 -condition, but there is still data in the write buffer. An application must -not rely on the error value of \fISSL_operation()\fR but must assure that the -write buffer is always flushed first. Otherwise a deadlock may occur as -the peer might be waiting for the data before being able to continue. -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -The following return values can occur: -.Ip "1" 4 -.IX Item "1" -The \s-1BIO\s0 pair was created successfully. The new BIOs are available in -\&\fBbio1\fR and \fBbio2\fR. -.Ip "0" 4 -The operation failed. The \s-1NULL\s0 pointer is stored into the locations for -\&\fBbio1\fR and \fBbio2\fR. Check the error stack for more information. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -SSL_set_bio(3), ssl(3), bio(3), -BIO_ctrl_pending(3), -BIO_ctrl_get_read_request(3) diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 index ec94074..2baa42d 100644 --- a/secure/lib/libcrypto/man/BIO_push.3 +++ b/secure/lib/libcrypto/man/BIO_push.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:07 2002 +.\" Mon Jan 13 19:26:59 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_push 3" -.TH BIO_push 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_push 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_push, BIO_pop \- add and remove BIOs from a chain. diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 index b844303..3cc3d7b 100644 --- a/secure/lib/libcrypto/man/BIO_read.3 +++ b/secure/lib/libcrypto/man/BIO_read.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:08 2002 +.\" Mon Jan 13 19:27:01 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_read 3" -.TH BIO_read 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_read 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_read, BIO_write, BIO_gets, BIO_puts \- \s-1BIO\s0 I/O functions diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 index 3073f38..83cb87d 100644 --- a/secure/lib/libcrypto/man/BIO_s_accept.3 +++ b/secure/lib/libcrypto/man/BIO_s_accept.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:08 2002 +.\" Mon Jan 13 19:27:02 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,10 +138,10 @@ .\" ====================================================================== .\" .IX Title "BIO_s_accept 3" -.TH BIO_s_accept 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_accept 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -BIO_s_accept, BIO_set_nbio, BIO_set_accept_port, BIO_get_accept_port, +BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port, BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode, BIO_get_bind_mode, BIO_do_accept \- accept \s-1BIO\s0 .SH "SYNOPSIS" @@ -150,22 +150,22 @@ BIO_get_bind_mode, BIO_do_accept \- accept \s-1BIO\s0 \& #include <openssl/bio.h> .Ve .Vb 1 -\& BIO_METHOD * BIO_s_accept(void); +\& BIO_METHOD *BIO_s_accept(void); .Ve .Vb 2 -\& #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) -\& #define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) +\& long BIO_set_accept_port(BIO *b, char *name); +\& char *BIO_get_accept_port(BIO *b); .Ve .Vb 1 \& BIO *BIO_new_accept(char *host_port); .Ve .Vb 2 -\& #define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL) -\& #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) +\& long BIO_set_nbio_accept(BIO *b, int n); +\& long BIO_set_accept_bios(BIO *b, char *bio); .Ve .Vb 2 -\& #define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) -\& #define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) +\& long BIO_set_bind_mode(BIO *b, long mode); +\& long BIO_get_bind_mode(BIO *b, long dummy); .Ve .Vb 3 \& #define BIO_BIND_NORMAL 0 @@ -173,14 +173,14 @@ BIO_get_bind_mode, BIO_do_accept \- accept \s-1BIO\s0 \& #define BIO_BIND_REUSEADDR 2 .Ve .Vb 1 -\& #define BIO_do_accept(b) BIO_do_handshake(b) +\& int BIO_do_accept(BIO *b); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper round the platform's \s-1TCP/IP\s0 socket accept routines. .PP -Using accept BIOs \s-1TCP/IP\s0 connections can be accepted and data +Using accept BIOs, \s-1TCP/IP\s0 connections can be accepted and data transferred using only \s-1BIO\s0 routines. In this way any platform specific operations are hidden by the \s-1BIO\s0 abstraction. .PP @@ -238,7 +238,7 @@ using \s-1BIO_BIND_REUSEADDR\s0. called, after the accept \s-1BIO\s0 has been setup, it will attempt to create the accept socket and bind an address to it. Second and subsequent calls to \fIBIO_do_accept()\fR will await an incoming -connection. +connection, or request a retry in non blocking mode. .SH "NOTES" .IX Header "NOTES" When an accept \s-1BIO\s0 is at the end of a chain it will await an @@ -275,6 +275,17 @@ perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable however because the accept \s-1BIO\s0 will still accept additional incoming connections. This can be resolved by using \fIBIO_pop()\fR (see above) and freeing up the accept \s-1BIO\s0 after the initial connection. +.PP +If the underlying accept socket is non-blocking and \fIBIO_do_accept()\fR is +called to await an incoming connection it is possible for +\&\fIBIO_should_io_special()\fR with the reason \s-1BIO_RR_ACCEPT\s0. If this happens +then it is an indication that an accept attempt would block: the application +should take appropriate action to wait until the underlying socket has +accepted a connection and retry the call. +.PP +\&\fIBIO_set_accept_port()\fR, \fIBIO_get_accept_port()\fR, \fIBIO_set_nbio_accept()\fR, +\&\fIBIO_set_accept_bios()\fR, \fIBIO_set_bind_mode()\fR, \fIBIO_get_bind_mode()\fR and +\&\fIBIO_do_accept()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 index 6c76cd9..49214db 100644 --- a/secure/lib/libcrypto/man/BIO_s_bio.3 +++ b/secure/lib/libcrypto/man/BIO_s_bio.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:09 2002 +.\" Mon Jan 13 19:27:03 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_bio 3" -.TH BIO_s_bio 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_bio 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, @@ -223,7 +223,9 @@ If the size is not initialized a default value is used. This is currently \&\fIBIO_new_bio_pair()\fR combines the calls to \fIBIO_new()\fR, \fIBIO_make_bio_pair()\fR and \&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is -zero then the default size is used. +zero then the default size is used. \fIBIO_new_bio_pair()\fR does not check whether +\&\fBbio1\fR or \fBbio2\fR do point to some other \s-1BIO\s0, the values are overwritten, +\&\fIBIO_free()\fR is not called. .PP \&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum length of data that can be currently written to the \s-1BIO\s0. Writes larger than this @@ -263,9 +265,60 @@ buffer. \fIBIO_read()\fR will initially fail and \fIBIO_should_read()\fR will be the application then waits for data to be available on the underlying transport before flushing the write buffer it will never succeed because the request was never sent! +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_new_bio_pair()\fR returns 1 on success, with the new BIOs available in +\&\fBbio1\fR and \fBbio2\fR, or 0 on failure, with \s-1NULL\s0 pointers stored into the +locations for \fBbio1\fR and \fBbio2\fR. Check the error stack for more information. +.PP +[\s-1XXXXX:\s0 More return values need to be added here] .SH "EXAMPLE" .IX Header "EXAMPLE" -\&\s-1TBA\s0 +The \s-1BIO\s0 pair can be used to have full control over the network access of an +application. The application can call \fIselect()\fR on the socket as required +without having to go through the SSL-interface. +.PP +.Vb 6 +\& BIO *internal_bio, *network_bio; +\& ... +\& BIO_new_bio_pair(internal_bio, 0, network_bio, 0); +\& SSL_set_bio(ssl, internal_bio, internal_bio); +\& SSL_operations(); +\& ... +.Ve +.Vb 9 +\& application | TLS-engine +\& | | +\& +----------> SSL_operations() +\& | /\e || +\& | || \e/ +\& | BIO-pair (internal_bio) +\& +----------< BIO-pair (network_bio) +\& | | +\& socket | +.Ve +.Vb 4 +\& ... +\& SSL_free(ssl); /* implicitly frees internal_bio */ +\& BIO_free(network_bio); +\& ... +.Ve +As the \s-1BIO\s0 pair will only buffer the data and never directly access the +connection, it behaves non-blocking and will return as soon as the write +buffer is full or the read buffer is drained. Then the application has to +flush the write buffer and/or fill the read buffer. +.PP +Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 +and must be transfered to the network. Use \fIBIO_ctrl_get_read_request()\fR to +find out, how many bytes must be written into the buffer before the +\&\fISSL_operation()\fR can successfully be continued. +.SH "WARNING" +.IX Header "WARNING" +As the data is buffered, \fISSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0 +condition, but there is still data in the write buffer. An application must +not rely on the error value of \fISSL_operation()\fR but must assure that the +write buffer is always flushed first. Otherwise a deadlock may occur as +the peer might be waiting for the data before being able to continue. .SH "SEE ALSO" .IX Header "SEE ALSO" SSL_set_bio(3), ssl(3), bio(3), diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 index fcb6a33..e4aae15 100644 --- a/secure/lib/libcrypto/man/BIO_s_connect.3 +++ b/secure/lib/libcrypto/man/BIO_s_connect.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:09 2002 +.\" Mon Jan 13 19:27:04 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_connect 3" -.TH BIO_s_connect 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_connect 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port, @@ -153,28 +153,31 @@ BIO_set_nbio, BIO_do_connect \- connect \s-1BIO\s0 .Vb 1 \& BIO_METHOD * BIO_s_connect(void); .Ve +.Vb 1 +\& BIO *BIO_new_connect(char *name); +.Ve .Vb 8 -\& #define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) -\& #define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) -\& #define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) -\& #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) -\& #define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) -\& #define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) -\& #define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2) -\& #define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port) +\& long BIO_set_conn_hostname(BIO *b, char *name); +\& long BIO_set_conn_port(BIO *b, char *port); +\& long BIO_set_conn_ip(BIO *b, char *ip); +\& long BIO_set_conn_int_port(BIO *b, char *port); +\& char *BIO_get_conn_hostname(BIO *b); +\& char *BIO_get_conn_port(BIO *b); +\& char *BIO_get_conn_ip(BIO *b, dummy); +\& long BIO_get_conn_int_port(BIO *b, int port); .Ve .Vb 1 -\& #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +\& long BIO_set_nbio(BIO *b, long n); .Ve .Vb 1 -\& #define BIO_do_connect(b) BIO_do_handshake(b) +\& int BIO_do_connect(BIO *b); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper round the platform's \s-1TCP/IP\s0 socket connection routines. .PP -Using connect BIOs \s-1TCP/IP\s0 connections can be made and data +Using connect BIOs, \s-1TCP/IP\s0 connections can be made and data transferred using only \s-1BIO\s0 routines. In this way any platform specific operations are hidden by the \s-1BIO\s0 abstraction. .PP @@ -197,7 +200,7 @@ to the same host again. it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). .PP -\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname +\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname. The hostname can be an \s-1IP\s0 address. The hostname can also include the port in the form hostname:port . It is also acceptable to use the form \*(L"hostname/any/other/path\*(R" or \*(L"hostname:port/any/other/path\*(R". @@ -230,6 +233,9 @@ is set. Blocking I/O is the default. The call to \fIBIO_set_nbio()\fR should be made before the connection is established because non blocking I/O is set during the connect process. .PP +\&\fIBIO_new_connect()\fR combines \fIBIO_new()\fR and \fIBIO_set_conn_hostname()\fR into +a single call: that is it creates a new connect \s-1BIO\s0 with \fBname\fR. +.PP \&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO\s0. It returns 1 if the connection was established successfully. A zero or negative value is returned if the connection could not be established, the @@ -264,6 +270,11 @@ connection process with the reason \s-1BIO_RR_CONNECT\s0. If this is returned then this is an indication that a connection attempt would block, the application should then take appropriate action to wait until the underlying socket has connected and retry the call. +.PP +\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_set_conn_ip()\fR, +\&\fIBIO_set_conn_int_port()\fR, \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_port()\fR, +\&\fIBIO_get_conn_ip()\fR, \fIBIO_get_conn_int_port()\fR, \fIBIO_set_nbio()\fR and +\&\fIBIO_do_connect()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 index cade91f..861cf45 100644 --- a/secure/lib/libcrypto/man/BIO_s_fd.3 +++ b/secure/lib/libcrypto/man/BIO_s_fd.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:10 2002 +.\" Mon Jan 13 19:27:05 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_fd 3" -.TH BIO_s_fd 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_fd 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor \s-1BIO\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 index 6be9436..cb50f10 100644 --- a/secure/lib/libcrypto/man/BIO_s_file.3 +++ b/secure/lib/libcrypto/man/BIO_s_file.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:11 2002 +.\" Mon Jan 13 19:27:06 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_file 3" -.TH BIO_s_file 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_file 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 index d3b422e..9b013a32 100644 --- a/secure/lib/libcrypto/man/BIO_s_mem.3 +++ b/secure/lib/libcrypto/man/BIO_s_mem.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:11 2002 +.\" Mon Jan 13 19:27:08 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_mem 3" -.TH BIO_s_mem 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_mem 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 index 0bf1015..b302476 100644 --- a/secure/lib/libcrypto/man/BIO_s_null.3 +++ b/secure/lib/libcrypto/man/BIO_s_null.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:12 2002 +.\" Mon Jan 13 19:27:09 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_null 3" -.TH BIO_s_null 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_null 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_null \- null data sink diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 index e5fa8d4..53fa4ae 100644 --- a/secure/lib/libcrypto/man/BIO_s_socket.3 +++ b/secure/lib/libcrypto/man/BIO_s_socket.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:13 2002 +.\" Mon Jan 13 19:27:10 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_s_socket 3" -.TH BIO_s_socket 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_s_socket 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0 @@ -148,11 +148,11 @@ BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0 \& #include <openssl/bio.h> .Ve .Vb 1 -\& BIO_METHOD * BIO_s_socket(void); +\& BIO_METHOD *BIO_s_socket(void); .Ve .Vb 2 -\& #define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) -\& #define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) +\& long BIO_set_fd(BIO *b, int fd, long close_flag); +\& long BIO_get_fd(BIO *b, int *c); .Ve .Vb 1 \& BIO *BIO_new_socket(int sock, int close_flag); @@ -169,10 +169,10 @@ If the close flag is set then the socket is shut down and closed when the \s-1BIO\s0 is freed. .PP \&\fIBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close -flag to \fBc\fR. +flag to \fBclose_flag\fR. .PP \&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL\s0, it also -returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). +returns the socket. If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). .PP \&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. .SH "NOTES" @@ -184,6 +184,8 @@ The reason for having separate file descriptor and socket BIOs is that on some platforms sockets are not file descriptors and use distinct I/O routines, Windows is one such platform. Any code mixing the two will not work on all platforms. +.PP +\&\fIBIO_set_fd()\fR and \fIBIO_get_fd()\fR are macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 index a2a5996..b8e5ee4 100644 --- a/secure/lib/libcrypto/man/BIO_set_callback.3 +++ b/secure/lib/libcrypto/man/BIO_set_callback.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:13 2002 +.\" Mon Jan 13 19:27:11 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_set_callback 3" -.TH BIO_set_callback 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_set_callback 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg, diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 index 38fc119..ba214df 100644 --- a/secure/lib/libcrypto/man/BIO_should_retry.3 +++ b/secure/lib/libcrypto/man/BIO_should_retry.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:14 2002 +.\" Mon Jan 13 19:27:12 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BIO_should_retry 3" -.TH BIO_should_retry 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BIO_should_retry 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BIO_should_retry, BIO_should_read, BIO_should_write, diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 index b4dff76..f4a4435 100644 --- a/secure/lib/libcrypto/man/BN_CTX_new.3 +++ b/secure/lib/libcrypto/man/BN_CTX_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:14 2002 +.\" Mon Jan 13 19:27:13 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_CTX_new 3" -.TH BN_CTX_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_CTX_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free \s-1BN_CTX\s0 structures @@ -181,7 +181,7 @@ ERR_get_error(3). \&\fIBN_CTX_init()\fR and \fIBN_CTX_free()\fR have no return values. .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3), +bn(3), ERR_get_error(3), BN_add(3), BN_CTX_start(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 index 1629abf..f0d7ad2 100644 --- a/secure/lib/libcrypto/man/BN_CTX_start.3 +++ b/secure/lib/libcrypto/man/BN_CTX_start.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:15 2002 +.\" Mon Jan 13 19:27:14 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_CTX_start 3" -.TH BN_CTX_start 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BN_CTX_start 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary \s-1BIGNUM\s0 variables diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 index 7b4b694..9b58ec0 100644 --- a/secure/lib/libcrypto/man/BN_add.3 +++ b/secure/lib/libcrypto/man/BN_add.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:16 2002 +.\" Mon Jan 13 19:27:15 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,11 +138,12 @@ .\" ====================================================================== .\" .IX Title "BN_add 3" -.TH BN_add 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_add 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -BN_add, BN_sub, BN_mul, BN_div, BN_sqr, BN_mod, BN_mod_mul, BN_exp, -BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs +BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, +BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd \- +arithmetic operations on BIGNUMs .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -157,21 +158,35 @@ BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs .Vb 1 \& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); .Ve +.Vb 1 +\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +.Ve .Vb 2 \& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, \& BN_CTX *ctx); .Ve .Vb 1 -\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); .Ve .Vb 1 -\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +.Ve +.Vb 2 +\& int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +.Ve +.Vb 2 +\& int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); .Ve .Vb 2 -\& int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m, \& BN_CTX *ctx); .Ve .Vb 1 +\& int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +.Ve +.Vb 1 \& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); .Ve .Vb 2 @@ -183,45 +198,59 @@ BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIBN_add()\fR adds \fBa\fR and \fBb\fR and places the result in \fBr\fR (\f(CW\*(C`r=a+b\*(C'\fR). -\&\fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBb\fR. +\&\fIBN_add()\fR adds \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a+b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. .PP -\&\fIBN_sub()\fR subtracts \fBb\fR from \fBa\fR and places the result in \fBr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). +\&\fIBN_sub()\fR subtracts \fIb\fR from \fIa\fR and places the result in \fIr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). .PP -\&\fIBN_mul()\fR multiplies \fBa\fR and \fBb\fR and places the result in \fBr\fR (\f(CW\*(C`r=a*b\*(C'\fR). -\&\fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBb\fR. +\&\fIBN_mul()\fR multiplies \fIa\fR and \fIb\fR and places the result in \fIr\fR (\f(CW\*(C`r=a*b\*(C'\fR). +\&\fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For multiplication by powers of 2, use BN_lshift(3). .PP -\&\fIBN_div()\fR divides \fBa\fR by \fBd\fR and places the result in \fBdv\fR and the -remainder in \fBrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fBdv\fR and \fBrem\fR may -be \s-1NULL\s0, in which case the respective value is not returned. +\&\fIBN_sqr()\fR takes the square of \fIa\fR and places the result in \fIr\fR +(\f(CW\*(C`r=a^2\*(C'\fR). \fIr\fR and \fIa\fR may be the same \fB\s-1BIGNUM\s0\fR. +This function is faster than BN_mul(r,a,a). +.PP +\&\fIBN_div()\fR divides \fIa\fR by \fId\fR and places the result in \fIdv\fR and the +remainder in \fIrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fIdv\fR and \fIrem\fR may +be \fB\s-1NULL\s0\fR, in which case the respective value is not returned. +The result is rounded towards zero; thus if \fIa\fR is negative, the +remainder will be zero or negative. For division by powers of 2, use \fIBN_rshift\fR\|(3). .PP -\&\fIBN_sqr()\fR takes the square of \fBa\fR and places the result in \fBr\fR -(\f(CW\*(C`r=a^2\*(C'\fR). \fBr\fR and \fBa\fR may be the same \fB\s-1BIGNUM\s0\fR. -This function is faster than BN_mul(r,a,a). +\&\fIBN_mod()\fR corresponds to \fIBN_div()\fR with \fIdv\fR set to \fB\s-1NULL\s0\fR. +.PP +\&\fIBN_nnmod()\fR reduces \fIa\fR modulo \fIm\fR and places the non-negative +remainder in \fIr\fR. +.PP +\&\fIBN_mod_add()\fR adds \fIa\fR to \fIb\fR modulo \fIm\fR and places the non-negative +result in \fIr\fR. +.PP +\&\fIBN_mod_sub()\fR subtracts \fIb\fR from \fIa\fR modulo \fIm\fR and places the +non-negative result in \fIr\fR. .PP -\&\fIBN_mod()\fR find the remainder of \fBa\fR divided by \fBm\fR and places it in -\&\fBrem\fR (\f(CW\*(C`rem=a%m\*(C'\fR). +\&\fIBN_mod_mul()\fR multiplies \fIa\fR by \fIb\fR and finds the non-negative +remainder respective to modulus \fIm\fR (\f(CW\*(C`r=(a*b) mod m\*(C'\fR). \fIr\fR may be +the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or \fIb\fR. For more efficient algorithms for +repeated computations using the same modulus, see +BN_mod_mul_montgomery(3) and +BN_mod_mul_reciprocal(3). .PP -\&\fIBN_mod_mul()\fR multiplies \fBa\fR by \fBb\fR and finds the remainder when -divided by \fBm\fR (\f(CW\*(C`r=(a*b)%m\*(C'\fR). \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR -or \fBb\fR. For a more efficient algorithm, see -BN_mod_mul_montgomery(3); for repeated -computations using the same modulus, see BN_mod_mul_reciprocal(3). +\&\fIBN_mod_sqr()\fR takes the square of \fIa\fR modulo \fBm\fR and places the +result in \fIr\fR. .PP -\&\fIBN_exp()\fR raises \fBa\fR to the \fBp\fR\-th power and places the result in \fBr\fR +\&\fIBN_exp()\fR raises \fIa\fR to the \fIp\fR\-th power and places the result in \fIr\fR (\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of \&\fIBN_mul()\fR. .PP -\&\fIBN_mod_exp()\fR computes \fBa\fR to the \fBp\fR\-th power modulo \fBm\fR (\f(CW\*(C`r=a^p % +\&\fIBN_mod_exp()\fR computes \fIa\fR to the \fIp\fR\-th power modulo \fIm\fR (\f(CW\*(C`r=a^p % m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR. .PP -\&\fIBN_gcd()\fR computes the greatest common divisor of \fBa\fR and \fBb\fR and -places the result in \fBr\fR. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or -\&\fBb\fR. +\&\fIBN_gcd()\fR computes the greatest common divisor of \fIa\fR and \fIb\fR and +places the result in \fIr\fR. \fIr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fIa\fR or +\&\fIb\fR. .PP -For all functions, \fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables; see BN_CTX_new(3). .PP Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from @@ -233,11 +262,13 @@ value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*( The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_CTX_new(3), +bn(3), ERR_get_error(3), BN_CTX_new(3), BN_add_word(3), BN_set_bit(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIBN_add()\fR, \fIBN_sub()\fR, \fIBN_div()\fR, \fIBN_sqr()\fR, \fIBN_mod()\fR, \fIBN_mod_mul()\fR, +\&\fIBN_add()\fR, \fIBN_sub()\fR, \fIBN_sqr()\fR, \fIBN_div()\fR, \fIBN_mod()\fR, \fIBN_mod_mul()\fR, \&\fIBN_mod_exp()\fR and \fIBN_gcd()\fR are available in all versions of SSLeay and -OpenSSL. The \fBctx\fR argument to \fIBN_mul()\fR was added in SSLeay +OpenSSL. The \fIctx\fR argument to \fIBN_mul()\fR was added in SSLeay 0.9.1b. \fIBN_exp()\fR appeared in SSLeay 0.9.0. +\&\fIBN_nnmod()\fR, \fIBN_mod_add()\fR, \fIBN_mod_sub()\fR, and \fIBN_mod_sqr()\fR were added in +OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 index d831194..4a95bb3 100644 --- a/secure/lib/libcrypto/man/BN_add_word.3 +++ b/secure/lib/libcrypto/man/BN_add_word.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:16 2002 +.\" Mon Jan 13 19:27:17 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_add_word 3" -.TH BN_add_word 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_add_word 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic @@ -188,7 +188,7 @@ on error. The error codes can be obtained by ERR_get_error(3). \&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3) +bn(3), ERR_get_error(3), BN_add(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIBN_add_word()\fR and \fIBN_mod_word()\fR are available in all versions of diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 index 6a81049..0dcb8ee 100644 --- a/secure/lib/libcrypto/man/BN_bn2bin.3 +++ b/secure/lib/libcrypto/man/BN_bn2bin.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:17 2002 +.\" Mon Jan 13 19:27:18 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_bn2bin 3" -.TH BN_bn2bin 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH BN_bn2bin 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, @@ -221,7 +221,7 @@ returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_zero(3), +bn(3), ERR_get_error(3), BN_zero(3), ASN1_INTEGER_to_BN(3), BN_num_bytes(3) .SH "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 index cb21425..0c6fa73 100644 --- a/secure/lib/libcrypto/man/BN_cmp.3 +++ b/secure/lib/libcrypto/man/BN_cmp.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:18 2002 +.\" Mon Jan 13 19:27:19 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_cmp 3" -.TH BN_cmp 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_cmp 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- \s-1BIGNUM\s0 comparison and test functions diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 index 1277075..c4a875e 100644 --- a/secure/lib/libcrypto/man/BN_copy.3 +++ b/secure/lib/libcrypto/man/BN_copy.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:18 2002 +.\" Mon Jan 13 19:27:20 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_copy 3" -.TH BN_copy 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_copy 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_copy, BN_dup \- copy BIGNUMs @@ -164,7 +164,7 @@ the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be ob by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3) +bn(3), ERR_get_error(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIBN_copy()\fR and \fIBN_dup()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 index 383ccf8..22fb350 100644 --- a/secure/lib/libcrypto/man/BN_generate_prime.3 +++ b/secure/lib/libcrypto/man/BN_generate_prime.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:19 2002 +.\" Mon Jan 13 19:27:21 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_generate_prime 3" -.TH BN_generate_prime 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_generate_prime 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality @@ -220,7 +220,7 @@ prime with an error probability of less than 0.25^\fBchecks\fR, and The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), rand(3) +bn(3), ERR_get_error(3), rand(3) .SH "HISTORY" .IX Header "HISTORY" The \fBcb_arg\fR arguments to \fIBN_generate_prime()\fR and to \fIBN_is_prime()\fR diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 index d5249c6..5e737b2 100644 --- a/secure/lib/libcrypto/man/BN_mod_inverse.3 +++ b/secure/lib/libcrypto/man/BN_mod_inverse.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:19 2002 +.\" Mon Jan 13 19:27:22 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_mod_inverse 3" -.TH BN_mod_inverse 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_mod_inverse 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_mod_inverse \- compute inverse modulo n @@ -165,7 +165,7 @@ variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR. \&\s-1NULL\s0 on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3) +bn(3), ERR_get_error(3), BN_add(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIBN_mod_inverse()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 index 28702ce..1e6a1fa 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:20 2002 +.\" Mon Jan 13 19:27:23 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_mod_mul_montgomery 3" -.TH BN_mod_mul_montgomery 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BN_mod_mul_montgomery 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init, @@ -180,22 +180,23 @@ using the same modulus. \&\fIBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. \&\fIBN_MONT_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_MONT_CTX\s0\fR. .PP -\&\fIBN_MONT_CTX_set()\fR sets up the \fBmont\fR structure from the modulus \fBm\fR +\&\fIBN_MONT_CTX_set()\fR sets up the \fImont\fR structure from the modulus \fIm\fR by precomputing its inverse and a value R. .PP -\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fBfrom\fR to \fBto\fR. +\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fIfrom\fR to \fIto\fR. .PP \&\fIBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if it was created by \fIBN_MONT_CTX_new()\fR, also the structure itself. .PP -\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fBa\fR,\fBb\fR):=\fBa\fR*\fBb\fR*R^\-1 and places -the result in \fBr\fR. +\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fIa\fR,\fIb\fR):=\fIa\fR*\fIb\fR*R^\-1 and places +the result in \fIr\fR. .PP -\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fBr\fR = \fBa\fR*R^\-1. +\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fIr\fR = \fIa\fR*R^\-1. .PP -\&\fIBN_to_montgomery()\fR computes Mont(\fBa\fR,R^2), i.e. \fBa\fR*R. +\&\fIBN_to_montgomery()\fR computes Mont(\fIa\fR,R^2), i.e. \fIa\fR*R. +Note that \fIa\fR must be non-negative and smaller than the modulus. .PP -For all functions, \fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +For all functions, \fIctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. .PP The \fB\s-1BN_MONT_CTX\s0\fR structure is defined as follows: @@ -222,9 +223,13 @@ on error. .PP For the other functions, 1 is returned for success, 0 on error. The error codes can be obtained by ERR_get_error(3). +.SH "WARNING" +.IX Header "WARNING" +The inputs must be reduced modulo \fBm\fR, otherwise the result will be +outside the expected range. .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3), +bn(3), ERR_get_error(3), BN_add(3), BN_CTX_new(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 index db86899..de08e81 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:21 2002 +.\" Mon Jan 13 19:27:25 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_mod_mul_reciprocal 3" -.TH BN_mod_mul_reciprocal 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BN_mod_mul_reciprocal 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init, @@ -211,7 +211,7 @@ For the other functions, 1 is returned for success, 0 on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), BN_add(3), +bn(3), ERR_get_error(3), BN_add(3), BN_CTX_new(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 index 150ee3f..711a512 100644 --- a/secure/lib/libcrypto/man/BN_new.3 +++ b/secure/lib/libcrypto/man/BN_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:21 2002 +.\" Mon Jan 13 19:27:26 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_new 3" -.TH BN_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs @@ -184,7 +184,7 @@ by ERR_get_error(3). values. .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3) +bn(3), ERR_get_error(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIBN_new()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR are available in diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 index 866e1e9..30517e2 100644 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/BN_num_bytes.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:22 2002 +.\" Mon Jan 13 19:27:27 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_num_bytes 3" -.TH BN_num_bytes 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_num_bytes 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_num_bits, BN_num_bytes, BN_num_bits_word \- get \s-1BIGNUM\s0 size diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 index 23e7399..717a0aa 100644 --- a/secure/lib/libcrypto/man/BN_rand.3 +++ b/secure/lib/libcrypto/man/BN_rand.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:22 2002 +.\" Mon Jan 13 19:27:28 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_rand 3" -.TH BN_rand 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH BN_rand 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_rand, BN_pseudo_rand \- generate pseudo-random number @@ -186,7 +186,7 @@ The functions return 1 on success, 0 on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -bn(3), err(3), rand(3), +bn(3), ERR_get_error(3), rand(3), RAND_add(3), RAND_bytes(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 index 5c5a4e1..88c276e 100644 --- a/secure/lib/libcrypto/man/BN_set_bit.3 +++ b/secure/lib/libcrypto/man/BN_set_bit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:23 2002 +.\" Mon Jan 13 19:27:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_set_bit 3" -.TH BN_set_bit 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH BN_set_bit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3 new file mode 100644 index 0000000..d431ae9 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_swap.3 @@ -0,0 +1,160 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:27:30 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_swap 3" +.TH BN_swap 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +BN_swap \- exchange BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 1 +\& void BN_swap(BIGNUM *a, BIGNUM *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_swap()\fR exchanges the values of \fIa\fR and \fIb\fR. +.PP +bn(3) +.SH "HISTORY" +.IX Header "HISTORY" +BN_swap was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 index 61613e7..80417db 100644 --- a/secure/lib/libcrypto/man/BN_zero.3 +++ b/secure/lib/libcrypto/man/BN_zero.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:24 2002 +.\" Mon Jan 13 19:27:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "BN_zero 3" -.TH BN_zero 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH BN_zero 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- \s-1BIGNUM\s0 assignment @@ -153,7 +153,7 @@ operations \& int BN_one(BIGNUM *a); .Ve .Vb 1 -\& BIGNUM *BN_value_one(void); +\& const BIGNUM *BN_value_one(void); .Ve .Vb 2 \& int BN_set_word(BIGNUM *a, unsigned long w); @@ -190,3 +190,6 @@ bn(3), BN_bn2bin(3) \&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR are available in all versions of SSLeay and OpenSSL. \fIBN_value_one()\fR and \fIBN_get_word()\fR were added in SSLeay 0.8. +.PP +\&\fIBN_value_one()\fR was changed to return a true const \s-1BIGNUM\s0 * in OpenSSL +0.9.7. diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 index ef82f2b..c092894 100644 --- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 +++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:24 2002 +.\" Mon Jan 13 19:27:32 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "CRYPTO_set_ex_data 3" -.TH CRYPTO_set_ex_data 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH CRYPTO_set_ex_data 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 index a98535f..ef19bf1 100644 --- a/secure/lib/libcrypto/man/DH_generate_key.3 +++ b/secure/lib/libcrypto/man/DH_generate_key.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:25 2002 +.\" Mon Jan 13 19:27:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_generate_key 3" -.TH DH_generate_key 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DH_generate_key 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_generate_key, DH_compute_key \- perform Diffie-Hellman key exchange @@ -179,7 +179,7 @@ on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -dh(3), err(3), rand(3), DH_size(3) +dh(3), ERR_get_error(3), rand(3), DH_size(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDH_generate_key()\fR and \fIDH_compute_key()\fR are available in all versions diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 index 74b0d8a..06c93c1 100644 --- a/secure/lib/libcrypto/man/DH_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DH_generate_parameters.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:25 2002 +.\" Mon Jan 13 19:27:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_generate_parameters 3" -.TH DH_generate_parameters 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DH_generate_parameters 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_generate_parameters, DH_check \- generate and check Diffie-Hellman parameters @@ -196,7 +196,8 @@ If \fBgenerator\fR is not 2 or 5, \fBdh->g\fR=\fBgenerator\fR is not a usable generator. .SH "SEE ALSO" .IX Header "SEE ALSO" -dh(3), err(3), rand(3), DH_free(3) +dh(3), ERR_get_error(3), rand(3), +DH_free(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDH_check()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 index 2a9409a..2b741e8 100644 --- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:26 2002 +.\" Mon Jan 13 19:27:36 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_get_ex_new_index 3" -.TH DH_get_ex_new_index 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH DH_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to \s-1DH\s0 structures diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 index 2a8546e..9c21b4f 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/DH_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:27 2002 +.\" Mon Jan 13 19:27:37 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_new 3" -.TH DH_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DH_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_new, DH_free \- allocate and free \s-1DH\s0 objects @@ -168,7 +168,7 @@ a pointer to the newly allocated structure. \&\fIDH_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -dh(3), err(3), +dh(3), ERR_get_error(3), DH_generate_parameters(3), DH_generate_key(3) .SH "HISTORY" diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 index 8a5c1b7..8dc77bb 100644 --- a/secure/lib/libcrypto/man/DH_set_method.3 +++ b/secure/lib/libcrypto/man/DH_set_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:27 2002 +.\" Mon Jan 13 19:27:38 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,51 +138,63 @@ .\" ====================================================================== .\" .IX Title "DH_set_method 3" -.TH DH_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH DH_set_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -DH_set_default_method, DH_get_default_method, DH_set_method, -DH_new_method, DH_OpenSSL \- select \s-1DH\s0 method +DH_set_default_method, DH_get_default_method, +DH_set_method, DH_new_method, DH_OpenSSL \- select \s-1DH\s0 method .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/dh.h> +\& #include <openssl/engine.h> .Ve .Vb 1 -\& void DH_set_default_method(DH_METHOD *meth); +\& void DH_set_default_method(const DH_METHOD *meth); .Ve .Vb 1 -\& DH_METHOD *DH_get_default_method(void); +\& const DH_METHOD *DH_get_default_method(void); .Ve .Vb 1 -\& DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); +\& int DH_set_method(DH *dh, const DH_METHOD *meth); .Ve .Vb 1 -\& DH *DH_new_method(DH_METHOD *meth); +\& DH *DH_new_method(ENGINE *engine); .Ve .Vb 1 -\& DH_METHOD *DH_OpenSSL(void); +\& const DH_METHOD *DH_OpenSSL(void); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DH\s0 \s-1API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP -Initially, the default is to use the OpenSSL internal implementation. -\&\fIDH_OpenSSL()\fR returns a pointer to that method. +Initially, the default \s-1DH_METHOD\s0 is the OpenSSL internal implementation, as +returned by \fIDH_OpenSSL()\fR. .PP -\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1DH\s0\fR -structures created later. +\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DH\s0 +structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has been set +as a default for \s-1DH\s0, so this function is no longer recommended. .PP -\&\fIDH_get_default_method()\fR returns a pointer to the current default -method. +\&\fIDH_get_default_method()\fR returns a pointer to the current default \s-1DH_METHOD\s0. +However, the meaningfulness of this result is dependant on whether the \s-1ENGINE\s0 +\&\s-1API\s0 is being used, so this function is no longer recommended. .PP -\&\fIDH_set_method()\fR selects \fBmeth\fR for all operations using the structure \fBdh\fR. +\&\fIDH_set_method()\fR selects \fBmeth\fR to perform all operations using the key \fBdh\fR. +This will replace the \s-1DH_METHOD\s0 used by the \s-1DH\s0 key and if the previous method +was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will be released during the +change. It is possible to have \s-1DH\s0 keys that only work with certain \s-1DH_METHOD\s0 +implementations (eg. from an \s-1ENGINE\s0 module that supports embedded +hardware-protected keys), and in such cases attempting to change the \s-1DH_METHOD\s0 +for the key can have unexpected results. .PP -\&\fIDH_new_method()\fR allocates and initializes a \fB\s-1DH\s0\fR structure so that -\&\fBmethod\fR will be used for the \s-1DH\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, -the default method is used. +\&\fIDH_new_method()\fR allocates and initializes a \s-1DH\s0 structure so that \fBengine\fR will +be used for the \s-1DH\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default \s-1ENGINE\s0 for \s-1DH\s0 +operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DH_METHOD\s0 controlled by +\&\fIDH_set_default_method()\fR is used. .SH "THE DH_METHOD STRUCTURE" .IX Header "THE DH_METHOD STRUCTURE" .Vb 4 @@ -229,12 +241,22 @@ the default method is used. .PP \&\fIDH_set_default_method()\fR returns no value. .PP -\&\fIDH_set_method()\fR returns a pointer to the \fB\s-1DH_METHOD\s0\fR previously -associated with \fBdh\fR. +\&\fIDH_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +the method for \fBdh\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). .PP -\&\fIDH_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be -obtained by ERR_get_error(3) if the allocation fails. Otherwise it +\&\fIDH_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by +ERR_get_error(3) if the allocation fails. Otherwise it returns a pointer to the newly allocated structure. +.SH "NOTES" +.IX Header "NOTES" +As of version 0.9.7, \s-1DH_METHOD\s0 implementations are grouped together with other +algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a +default \s-1ENGINE\s0 is specified for \s-1DH\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, +that will override any \s-1DH\s0 defaults set using the \s-1DH\s0 \s-1API\s0 (ie. +\&\fIDH_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way +to control default implementations for use in \s-1DH\s0 and other cryptographic +algorithms. .SH "SEE ALSO" .IX Header "SEE ALSO" dh(3), DH_new(3) @@ -242,3 +264,13 @@ dh(3), DH_new(3) .IX Header "HISTORY" \&\fIDH_set_default_method()\fR, \fIDH_get_default_method()\fR, \fIDH_set_method()\fR, \&\fIDH_new_method()\fR and \fIDH_OpenSSL()\fR were added in OpenSSL 0.9.4. +.PP +\&\fIDH_set_default_openssl_method()\fR and \fIDH_get_default_openssl_method()\fR replaced +\&\fIDH_set_default_method()\fR and \fIDH_get_default_method()\fR respectively, and +\&\fIDH_set_method()\fR and \fIDH_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than +\&\fB\s-1DH_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For +0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this +change was reversed, and behaviour of the other functions resembled more closely +the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now +transparently overrides the behaviour of defaults in the \s-1DH\s0 \s-1API\s0 without +requiring changing these function prototypes. diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 index 6ad0ac9..d33867b 100644 --- a/secure/lib/libcrypto/man/DH_size.3 +++ b/secure/lib/libcrypto/man/DH_size.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:28 2002 +.\" Mon Jan 13 19:27:39 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DH_size 3" -.TH DH_size 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DH_size 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DH_size \- get Diffie-Hellman prime size diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 index 32ca1de..365b177 100644 --- a/secure/lib/libcrypto/man/DSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/DSA_SIG_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:29 2002 +.\" Mon Jan 13 19:27:40 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_SIG_new 3" -.TH DSA_SIG_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_SIG_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_SIG_new, DSA_SIG_free \- allocate and free \s-1DSA\s0 signature objects @@ -169,7 +169,8 @@ to the newly allocated structure. \&\fIDSA_SIG_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), DSA_do_sign(3) +dsa(3), ERR_get_error(3), +DSA_do_sign(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDSA_SIG_new()\fR and \fIDSA_SIG_free()\fR were added in OpenSSL 0.9.3. diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 index a99f6d4..3b3e058 100644 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/DSA_do_sign.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:29 2002 +.\" Mon Jan 13 19:27:41 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_do_sign 3" -.TH DSA_do_sign 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_do_sign 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_do_sign, DSA_do_verify \- raw \s-1DSA\s0 signature operations @@ -175,7 +175,7 @@ on error. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), rand(3), +dsa(3), ERR_get_error(3), rand(3), DSA_SIG_new(3), DSA_sign(3) .SH "HISTORY" diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 index 19bbf6e..57cb355 100644 --- a/secure/lib/libcrypto/man/DSA_dup_DH.3 +++ b/secure/lib/libcrypto/man/DSA_dup_DH.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:30 2002 +.\" Mon Jan 13 19:27:42 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_dup_DH 3" -.TH DSA_dup_DH 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_dup_DH 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure @@ -148,7 +148,7 @@ DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure \& #include <openssl/dsa.h> .Ve .Vb 1 -\& DH * DSA_dup_DH(DSA *r); +\& DH * DSA_dup_DH(const DSA *r); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -164,7 +164,7 @@ error codes can be obtained by ERR_get_error(3). Be careful to avoid small subgroup attacks when using this. .SH "SEE ALSO" .IX Header "SEE ALSO" -dh(3), dsa(3), err(3) +dh(3), dsa(3), ERR_get_error(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDSA_dup_DH()\fR was added in OpenSSL 0.9.4. diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 index 75e9490..fa93ee5 100644 --- a/secure/lib/libcrypto/man/DSA_generate_key.3 +++ b/secure/lib/libcrypto/man/DSA_generate_key.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:30 2002 +.\" Mon Jan 13 19:27:43 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_generate_key 3" -.TH DSA_generate_key 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_generate_key 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_generate_key \- generate \s-1DSA\s0 key pair @@ -162,7 +162,8 @@ The \s-1PRNG\s0 must be seeded prior to calling \fIDSA_generate_key()\fR. The error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), rand(3), DSA_generate_parameters(3) +dsa(3), ERR_get_error(3), rand(3), +DSA_generate_parameters(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIDSA_generate_key()\fR is available since SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 index b9d4de7..9f9d01c 100644 --- a/secure/lib/libcrypto/man/DSA_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:31 2002 +.\" Mon Jan 13 19:27:44 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_generate_parameters 3" -.TH DSA_generate_parameters 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_generate_parameters 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_generate_parameters \- generate \s-1DSA\s0 parameters @@ -209,7 +209,7 @@ obtained by ERR_get_error(3). Seed lengths > 20 are not supported. .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), rand(3), +dsa(3), ERR_get_error(3), rand(3), DSA_free(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 index 5638368..7f507a7 100644 --- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:32 2002 +.\" Mon Jan 13 19:27:45 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_get_ex_new_index 3" -.TH DSA_get_ex_new_index 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to \s-1DSA\s0 structures diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 index 2810cc8..2d194b7 100644 --- a/secure/lib/libcrypto/man/DSA_new.3 +++ b/secure/lib/libcrypto/man/DSA_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:32 2002 +.\" Mon Jan 13 19:27:46 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_new 3" -.TH DSA_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects @@ -155,7 +155,8 @@ DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. +\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. It is equivalent to +calling DSA_new_method(\s-1NULL\s0). .PP \&\fIDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are erased before the memory is returned to the system. @@ -169,7 +170,7 @@ to the newly allocated structure. \&\fIDSA_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), +dsa(3), ERR_get_error(3), DSA_generate_parameters(3), DSA_generate_key(3) .SH "HISTORY" diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 index 3114fb2..40ba101 100644 --- a/secure/lib/libcrypto/man/DSA_set_method.3 +++ b/secure/lib/libcrypto/man/DSA_set_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:33 2002 +.\" Mon Jan 13 19:27:47 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,27 +138,28 @@ .\" ====================================================================== .\" .IX Title "DSA_set_method 3" -.TH DSA_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH DSA_set_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -DSA_set_default_method, DSA_get_default_method, DSA_set_method, -DSA_new_method, DSA_OpenSSL \- select \s-1DSA\s0 method +DSA_set_default_method, DSA_get_default_method, +DSA_set_method, DSA_new_method, DSA_OpenSSL \- select \s-1DSA\s0 method .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/dsa.h> +\& #include <openssl/engine.h> .Ve .Vb 1 -\& void DSA_set_default_method(DSA_METHOD *meth); +\& void DSA_set_default_method(const DSA_METHOD *meth); .Ve .Vb 1 -\& DSA_METHOD *DSA_get_default_method(void); +\& const DSA_METHOD *DSA_get_default_method(void); .Ve .Vb 1 -\& DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); +\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); .Ve .Vb 1 -\& DSA *DSA_new_method(DSA_METHOD *meth); +\& DSA *DSA_new_method(ENGINE *engine); .Ve .Vb 1 \& DSA_METHOD *DSA_OpenSSL(void); @@ -167,22 +168,35 @@ DSA_new_method, DSA_OpenSSL \- select \s-1DSA\s0 method .IX Header "DESCRIPTION" A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0 operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. +such as hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1DSA\s0 \s-1API\s0 functions are affected by the use +of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP -Initially, the default is to use the OpenSSL internal implementation. -\&\fIDSA_OpenSSL()\fR returns a pointer to that method. +Initially, the default \s-1DSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fIDSA_OpenSSL()\fR. .PP -\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1DSA\s0\fR -structures created later. +\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1DSA\s0 +structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1DSA\s0, so this function is no longer recommended. .PP \&\fIDSA_get_default_method()\fR returns a pointer to the current default -method. +\&\s-1DSA_METHOD\s0. However, the meaningfulness of this result is dependant on +whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer +recommended. .PP -\&\fIDSA_set_method()\fR selects \fBmeth\fR for all operations using the structure \fBdsa\fR. +\&\fIDSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1DSA_METHOD\s0 used by the \s-1DSA\s0 key and if the +previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1DSA\s0 keys that only +work with certain \s-1DSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1DSA_METHOD\s0 for the key can have unexpected +results. .PP -\&\fIDSA_new_method()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure so that -\&\fBmethod\fR will be used for the \s-1DSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, -the default method is used. +\&\fIDSA_new_method()\fR allocates and initializes a \s-1DSA\s0 structure so that \fBengine\fR +will be used for the \s-1DSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the default engine +for \s-1DSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, the \s-1DSA_METHOD\s0 +controlled by \fIDSA_set_default_method()\fR is used. .SH "THE DSA_METHOD STRUCTURE" .IX Header "THE DSA_METHOD STRUCTURE" struct @@ -237,18 +251,27 @@ struct .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the -respective \fB\s-1DSA_METHOD\s0\fRs. +\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the respective +\&\fB\s-1DSA_METHOD\s0\fRs. .PP \&\fIDSA_set_default_method()\fR returns no value. .PP -\&\fIDSA_set_method()\fR returns a pointer to the \fB\s-1DSA_METHOD\s0\fR previously -associated with \fBdsa\fR. +\&\fIDSA_set_method()\fR returns non-zero if the provided \fBmeth\fR was successfully set as +the method for \fBdsa\fR (including unloading the \s-1ENGINE\s0 handle if the previous +method was supplied by an \s-1ENGINE\s0). .PP -\&\fIDSA_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be +\&\fIDSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained by ERR_get_error(3) if the allocation -fails. Otherwise it returns a pointer to the newly allocated -structure. +fails. Otherwise it returns a pointer to the newly allocated structure. +.SH "NOTES" +.IX Header "NOTES" +As of version 0.9.7, \s-1DSA_METHOD\s0 implementations are grouped together with other +algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a +default \s-1ENGINE\s0 is specified for \s-1DSA\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, +that will override any \s-1DSA\s0 defaults set using the \s-1DSA\s0 \s-1API\s0 (ie. +\&\fIDSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way +to control default implementations for use in \s-1DSA\s0 and other cryptographic +algorithms. .SH "SEE ALSO" .IX Header "SEE ALSO" dsa(3), DSA_new(3) @@ -256,3 +279,13 @@ dsa(3), DSA_new(3) .IX Header "HISTORY" \&\fIDSA_set_default_method()\fR, \fIDSA_get_default_method()\fR, \fIDSA_set_method()\fR, \&\fIDSA_new_method()\fR and \fIDSA_OpenSSL()\fR were added in OpenSSL 0.9.4. +.PP +\&\fIDSA_set_default_openssl_method()\fR and \fIDSA_get_default_openssl_method()\fR replaced +\&\fIDSA_set_default_method()\fR and \fIDSA_get_default_method()\fR respectively, and +\&\fIDSA_set_method()\fR and \fIDSA_new_method()\fR were altered to use \fB\s-1ENGINE\s0\fRs rather than +\&\fB\s-1DSA_METHOD\s0\fRs during development of the engine version of OpenSSL 0.9.6. For +0.9.7, the handling of defaults in the \s-1ENGINE\s0 \s-1API\s0 was restructured so that this +change was reversed, and behaviour of the other functions resembled more closely +the previous behaviour. The behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now +transparently overrides the behaviour of defaults in the \s-1DSA\s0 \s-1API\s0 without +requiring changing these function prototypes. diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 index 28c80a8..1f179a4 100644 --- a/secure/lib/libcrypto/man/DSA_sign.3 +++ b/secure/lib/libcrypto/man/DSA_sign.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:33 2002 +.\" Mon Jan 13 19:27:49 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_sign 3" -.TH DSA_sign 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_sign 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_sign, DSA_sign_setup, DSA_verify \- \s-1DSA\s0 signatures @@ -194,7 +194,7 @@ ERR_get_error(3). Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 .SH "SEE ALSO" .IX Header "SEE ALSO" -dsa(3), err(3), rand(3), +dsa(3), ERR_get_error(3), rand(3), DSA_do_sign(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 index c3fe807..4240dc6 100644 --- a/secure/lib/libcrypto/man/DSA_size.3 +++ b/secure/lib/libcrypto/man/DSA_size.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:34 2002 +.\" Mon Jan 13 19:27:50 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "DSA_size 3" -.TH DSA_size 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH DSA_size 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" DSA_size \- get \s-1DSA\s0 signature size @@ -148,7 +148,7 @@ DSA_size \- get \s-1DSA\s0 signature size \& #include <openssl/dsa.h> .Ve .Vb 1 -\& int DSA_size(DSA *dsa); +\& int DSA_size(const DSA *dsa); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 index 4646117..31fbee7 100644 --- a/secure/lib/libcrypto/man/ERR_GET_LIB.3 +++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:35 2002 +.\" Mon Jan 13 19:27:51 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_GET_LIB 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1ERR_GET_LIB\s0, \s-1ERR_GET_FUNC\s0, \s-1ERR_GET_REASON\s0 \- get library, function and diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 index dfb3cae..4caf13d 100644 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/ERR_clear_error.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:35 2002 +.\" Mon Jan 13 19:27:52 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_clear_error 3" -.TH ERR_clear_error 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_clear_error 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_clear_error \- clear the error queue diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 index aefdba4..1fccfac 100644 --- a/secure/lib/libcrypto/man/ERR_error_string.3 +++ b/secure/lib/libcrypto/man/ERR_error_string.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:36 2002 +.\" Mon Jan 13 19:27:53 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_error_string 3" -.TH ERR_error_string 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH ERR_error_string 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_error_string, ERR_error_string_n, ERR_lib_error_string, diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 index d577510..d92e2cb 100644 --- a/secure/lib/libcrypto/man/ERR_get_error.3 +++ b/secure/lib/libcrypto/man/ERR_get_error.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:36 2002 +.\" Mon Jan 13 19:27:54 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,37 +138,46 @@ .\" ====================================================================== .\" .IX Title "ERR_get_error 3" -.TH ERR_get_error 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH ERR_get_error 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -ERR_get_error, ERR_peek_error, ERR_get_error_line, ERR_peek_error_line, -ERR_get_error_line_data, ERR_peek_error_line_data \- obtain error code and data +ERR_get_error, ERR_peek_error, ERR_peek_last_error, +ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, +ERR_get_error_line_data, ERR_peek_error_line_data, +ERR_peek_last_error_line_data \- obtain error code and data .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/err.h> .Ve -.Vb 2 +.Vb 3 \& unsigned long ERR_get_error(void); \& unsigned long ERR_peek_error(void); +\& unsigned long ERR_peek_last_error(void); .Ve -.Vb 2 +.Vb 3 \& unsigned long ERR_get_error_line(const char **file, int *line); \& unsigned long ERR_peek_error_line(const char **file, int *line); +\& unsigned long ERR_peek_last_error_line(const char **file, int *line); .Ve -.Vb 4 +.Vb 6 \& unsigned long ERR_get_error_line_data(const char **file, int *line, \& const char **data, int *flags); \& unsigned long ERR_peek_error_line_data(const char **file, int *line, \& const char **data, int *flags); +\& unsigned long ERR_peek_last_error_line_data(const char **file, int *line, +\& const char **data, int *flags); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIERR_get_error()\fR returns the last error code from the thread's error +\&\fIERR_get_error()\fR returns the earliest error code from the thread's error queue and removes the entry. This function can be called repeatedly until there are no more error codes to return. .PP -\&\fIERR_peek_error()\fR returns the last error code from the thread's +\&\fIERR_peek_error()\fR returns the earliest error code from the thread's +error queue without modifying it. +.PP +\&\fIERR_peek_last_error()\fR returns the latest error code from the thread's error queue without modifying it. .PP See ERR_GET_LIB(3) for obtaining information about @@ -176,12 +185,14 @@ location and reason of the error, and ERR_error_string(3) for human-readable error messages. .PP -\&\fIERR_get_error_line()\fR and \fIERR_peek_error_line()\fR are the same as the -above, but they additionally store the file name and line number where +\&\fIERR_get_error_line()\fR, \fIERR_peek_error_line()\fR and +\&\fIERR_peek_last_error_line()\fR are the same as the above, but they +additionally store the file name and line number where the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. .PP -\&\fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR store -additional data and flags associated with the error code in *\fBdata\fR +\&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and +\&\fIERR_get_last_error_line_data()\fR store additional data and flags +associated with the error code in *\fBdata\fR and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR. If it has been allocated by \fIOPENSSL_malloc()\fR, *\fBflags\fR&\fB\s-1ERR_TXT_MALLOCED\s0\fR is true. @@ -198,3 +209,5 @@ ERR_GET_LIB(3) \&\fIERR_peek_error_line()\fR are available in all versions of SSLeay and OpenSSL. \fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR were added in SSLeay 0.9.0. +\&\fIERR_peek_last_error()\fR, \fIERR_peek_last_error_line()\fR and +\&\fIERR_peek_last_error_line_data()\fR were added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 index e2a58cd..2215cf6 100644 --- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:37 2002 +.\" Mon Jan 13 19:27:55 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_load_crypto_strings 3" -.TH ERR_load_crypto_strings 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_load_crypto_strings 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \- diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 index 802da11..c997831 100644 --- a/secure/lib/libcrypto/man/ERR_load_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_strings.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:38 2002 +.\" Mon Jan 13 19:27:56 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_load_strings 3" -.TH ERR_load_strings 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_load_strings 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_load_strings, \s-1ERR_PACK\s0, ERR_get_next_error_library \- load diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 index cd6f53a..2929461 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/ERR_print_errors.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:38 2002 +.\" Mon Jan 13 19:27:57 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_print_errors 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_print_errors, ERR_print_errors_fp \- print error messages diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 index 91ebc96..23ebd97 100644 --- a/secure/lib/libcrypto/man/ERR_put_error.3 +++ b/secure/lib/libcrypto/man/ERR_put_error.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:39 2002 +.\" Mon Jan 13 19:27:58 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_put_error 3" -.TH ERR_put_error 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ERR_put_error 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_put_error, ERR_add_error_data \- record an error diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 index a6a23fe..64bd2aa 100644 --- a/secure/lib/libcrypto/man/ERR_remove_state.3 +++ b/secure/lib/libcrypto/man/ERR_remove_state.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:39 2002 +.\" Mon Jan 13 19:27:59 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ERR_remove_state 3" -.TH ERR_remove_state 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH ERR_remove_state 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" ERR_remove_state \- free a thread's error queue diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3 new file mode 100644 index 0000000..46fa6e7 --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:01 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "EVP_BytesToKey 3" +.TH EVP_BytesToKey 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +.Vb 1 +\& EVP_BytesToKey - password based encryption routine +.Ve +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 4 +\& int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, +\& const unsigned char *salt, +\& const unsigned char *data, int datal, int count, +\& unsigned char *key,unsigned char *iv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_BytesToKey()\fR derives a key and \s-1IV\s0 from various parameters. \fBtype\fR is +the cipher to derive the key and \s-1IV\s0 for. \fBmd\fR is the message digest to use. +The \fBsalt\fR paramter is used as a salt in the derivation: it should point to +an 8 byte buffer or \s-1NULL\s0 if no salt is used. \fBdata\fR is a buffer containing +\&\fBdatal\fR bytes which is used to derive the keying data. \fBcount\fR is the +iteration count to use. The derived key and \s-1IV\s0 will be written to \fBkey\fR +and \fBiv\fR respectively. +.SH "NOTES" +.IX Header "NOTES" +A typical application of this function is to derive keying material for an +encryption algorithm from a password in the \fBdata\fR parameter. +.PP +Increasing the \fBcount\fR parameter slows down the algorithm which makes it +harder for an attacker to peform a brute force attack using a large number +of candidate passwords. +.PP +If the total key and \s-1IV\s0 length is less than the digest length and +\&\fB\s-1MD5\s0\fR is used then the derivation algorithm is compatible with PKCS#5 v1.5 +otherwise a non standard extension is used to derive the extra data. +.PP +Newer applications should use more standard algorithms such as PKCS#5 +v2.0 for key derivation. +.SH "KEY DERIVATION ALGORITHM" +.IX Header "KEY DERIVATION ALGORITHM" +The key and \s-1IV\s0 is derived by concatenating D_1, D_2, etc until +enough data is available for the key and \s-1IV\s0. D_i is defined as: +.PP +.Vb 1 +\& D_i = HASH^count(D_(i-1) || data || salt) +.Ve +where || denotes concatentaion, D_0 is empty, \s-1HASH\s0 is the digest +algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) +is HASH(HASH(data)) and so on. +.PP +The initial bytes are used for the key and the subsequent bytes for +the \s-1IV\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_BytesToKey()\fR returns the size of the derived key in bytes. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +evp(3), rand(3), +EVP_EncryptInit(3), +.SH "HISTORY" +.IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 index e521c2e..ec683f0 100644 --- a/secure/lib/libcrypto/man/EVP_DigestInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:40 2002 +.\" Mon Jan 13 19:28:02 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,12 +138,13 @@ .\" ====================================================================== .\" .IX Title "EVP_DigestInit 3" -.TH EVP_DigestInit 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH EVP_DigestInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal, \s-1EVP_MAX_MD_SIZE\s0, -EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, -EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, +EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, +EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, \s-1EVP_MAX_MD_SIZE\s0, +EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, +EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \- \&\s-1EVP\s0 digest routines @@ -152,18 +153,34 @@ EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \- .Vb 1 \& #include <openssl/evp.h> .Ve +.Vb 2 +\& void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +\& EVP_MD_CTX *EVP_MD_CTX_create(void); +.Ve .Vb 4 -\& void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); -\& void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); -\& void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, +\& int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, \& unsigned int *s); .Ve +.Vb 2 +\& int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); +\& void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); +.Ve .Vb 1 -\& #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ +\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); +.Ve +.Vb 3 +\& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +\& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, +\& unsigned int *s); .Ve .Vb 1 \& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); .Ve +.Vb 1 +\& #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ +.Ve .Vb 4 \& #define EVP_MD_type(e) ((e)->type) \& #define EVP_MD_pkey_type(e) ((e)->pkey_type) @@ -177,15 +194,15 @@ EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \- \& #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) .Ve .Vb 9 -\& EVP_MD *EVP_md_null(void); -\& EVP_MD *EVP_md2(void); -\& EVP_MD *EVP_md5(void); -\& EVP_MD *EVP_sha(void); -\& EVP_MD *EVP_sha1(void); -\& EVP_MD *EVP_dss(void); -\& EVP_MD *EVP_dss1(void); -\& EVP_MD *EVP_mdc2(void); -\& EVP_MD *EVP_ripemd160(void); +\& const EVP_MD *EVP_md_null(void); +\& const EVP_MD *EVP_md2(void); +\& const EVP_MD *EVP_md5(void); +\& const EVP_MD *EVP_sha(void); +\& const EVP_MD *EVP_sha1(void); +\& const EVP_MD *EVP_dss(void); +\& const EVP_MD *EVP_dss1(void); +\& const EVP_MD *EVP_mdc2(void); +\& const EVP_MD *EVP_ripemd160(void); .Ve .Vb 3 \& const EVP_MD *EVP_get_digestbyname(const char *name); @@ -196,25 +213,48 @@ EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \- .IX Header "DESCRIPTION" The \s-1EVP\s0 digest routines are a high level interface to message digests. .PP -\&\fIEVP_DigestInit()\fR initializes a digest context \fBctx\fR to use a digest -\&\fBtype\fR: this will typically be supplied by a function such as -\&\fIEVP_sha1()\fR. +\&\fIEVP_MD_CTX_init()\fR initializes digest contet \fBctx\fR. +.PP +\&\fIEVP_MD_CTX_create()\fR allocates, initializes and returns a digest contet. +.PP +\&\fIEVP_DigestInit_ex()\fR sets up digest context \fBctx\fR to use a digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized before calling this +function. \fBtype\fR will typically be supplied by a functionsuch as \fIEVP_sha1()\fR. +If \fBimpl\fR is \s-1NULL\s0 then the default implementation of digest \fBtype\fR is used. .PP \&\fIEVP_DigestUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the digest context \fBctx\fR. This function can be called several times on the same \fBctx\fR to hash additional data. .PP -\&\fIEVP_DigestFinal()\fR retrieves the digest value from \fBctx\fR and places +\&\fIEVP_DigestFinal_ex()\fR retrieves the digest value from \fBctx\fR and places it in \fBmd\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the length of the digest) will be written to the integer at \fBs\fR, at most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. -After calling \fIEVP_DigestFinal()\fR no additional calls to \fIEVP_DigestUpdate()\fR -can be made, but \fIEVP_DigestInit()\fR can be called to initialize a new +After calling \fIEVP_DigestFinal_ex()\fR no additional calls to \fIEVP_DigestUpdate()\fR +can be made, but \fIEVP_DigestInit_ex()\fR can be called to initialize a new digest operation. .PP -\&\fIEVP_MD_CTX_copy()\fR can be used to copy the message digest state from +\&\fIEVP_MD_CTX_cleanup()\fR cleans up digest context \fBctx\fR, it should be called +after a digest context is no longer needed. +.PP +\&\fIEVP_MD_CTX_destroy()\fR cleans up digest context \fBctx\fR and frees up the +space allocated to it, it should be called only on a context created +using \fIEVP_MD_CTX_create()\fR. +.PP +\&\fIEVP_MD_CTX_copy_ex()\fR can be used to copy the message digest state from \&\fBin\fR to \fBout\fR. This is useful if large amounts of data are to be -hashed which only differ in the last few bytes. +hashed which only differ in the last few bytes. \fBout\fR must be initialized +before calling this function. +.PP +\&\fIEVP_DigestInit()\fR behaves in the same way as \fIEVP_DigestInit_ex()\fR except +the passed context \fBctx\fR does not have to be initialized, and it always +uses the default digest implementation. +.PP +\&\fIEVP_DigestFinal()\fR is similar to \fIEVP_DigestFinal_ex()\fR except the digest +contet \fBctx\fR is automatically cleaned up. +.PP +\&\fIEVP_MD_CTX_copy()\fR is similar to \fIEVP_MD_CTX_copy_ex()\fR except the destination +\&\fBout\fR does not have to be initialized. .PP \&\fIEVP_MD_size()\fR and \fIEVP_MD_CTX_size()\fR return the size of the message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the @@ -252,9 +292,10 @@ an \s-1ASN1_OBJECT\s0 structure respectively. The digest table must be initializ using, for example, \fIOpenSSL_add_all_digests()\fR for these functions to work. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR do not return values. +\&\fIEVP_DigestInit_ex()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal_ex()\fR return 1 for +success and 0 for failure. .PP -\&\fIEVP_MD_CTX_copy()\fR returns 1 if successful or 0 for failure. +\&\fIEVP_MD_CTX_copy_ex()\fR returns 1 if successful or 0 for failure. .PP \&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none exists. @@ -277,6 +318,19 @@ transparent to the digest used and much more flexible. .PP \&\s-1SHA1\s0 is the digest of choice for new applications. The other digest algorithms are still in common use. +.PP +For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be +set to \s-1NULL\s0 to use the default digest implementation. +.PP +The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are +obsolete but are retained to maintain compatibility with existing code. New +applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and +\&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context +instead of initializing and cleaning it up on each call and allow non default +implementations of digests to be specified. +.PP +In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use +memory leaks will occur. .SH "EXAMPLE" .IX Header "EXAMPLE" This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the @@ -314,11 +368,13 @@ digest name passed on the command line. \& exit(1); \& } .Ve -.Vb 4 -\& EVP_DigestInit(&mdctx, md); +.Vb 6 +\& EVP_MD_CTX_init(&mdctx); +\& EVP_DigestInit_ex(&mdctx, md, NULL); \& EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); \& EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); -\& EVP_DigestFinal(&mdctx, md_value, &md_len); +\& EVP_DigestFinal_ex(&mdctx, md_value, &md_len); +\& EVP_MD_CTX_cleanup(&mdctx); .Ve .Vb 4 \& printf("Digest is: "); @@ -328,16 +384,9 @@ digest name passed on the command line. .Ve .SH "BUGS" .IX Header "BUGS" -Several of the functions do not return values: maybe they should. Although the -internal digest operations will never fail some future hardware based operations -might. -.PP The link between digests and signing algorithms results in a situation where \&\fIEVP_sha1()\fR must be used with \s-1RSA\s0 and \fIEVP_dss1()\fR must be used with \s-1DSS\s0 even though they are identical digests. -.PP -The size of an \fB\s-1EVP_MD_CTX\s0\fR structure is determined at compile time: this results -in code that must be recompiled if the size of \fB\s-1EVP_MD_CTX\s0\fR increases. .SH "SEE ALSO" .IX Header "SEE ALSO" evp(3), hmac(3), md2(3), @@ -347,3 +396,11 @@ sha(3), dgst(1) .IX Header "HISTORY" \&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR are available in all versions of SSLeay and OpenSSL. +.PP +\&\fIEVP_MD_CTX_init()\fR, \fIEVP_MD_CTX_create()\fR, \fIEVP_MD_CTX_copy_ex()\fR, +\&\fIEVP_MD_CTX_cleanup()\fR, \fIEVP_MD_CTX_destroy()\fR, \fIEVP_DigestInit_ex()\fR +and \fIEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7. +.PP +\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, +\&\fIEVP_dss()\fR, \fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR were +changed to return truely const \s-1EVP_MD\s0 * in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 index cfab0cc..fd8d428 100644 --- a/secure/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:41 2002 +.\" Mon Jan 13 19:28:03 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,50 +138,76 @@ .\" ====================================================================== .\" .IX Title "EVP_EncryptInit 3" -.TH EVP_EncryptInit 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH EVP_EncryptInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal, EVP_DecryptInit, -EVP_DecryptUpdate, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherUpdate, -EVP_CipherFinal, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, -EVP_CIPHER_CTX_cleanup, EVP_get_cipherbyname, EVP_get_cipherbynid, -EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size, -EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags, -EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid, -EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, -EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, -EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, -EVP_CIPHER_asn1_to_param \- \s-1EVP\s0 cipher routines +EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate, +EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, +EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, +EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, +EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit, +EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, +EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, +EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, +EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, +EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, +EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, +EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, +EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, +EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, +EVP_CIPHER_CTX_set_padding \- \s-1EVP\s0 cipher routines .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/evp.h> .Ve +.Vb 1 +\& int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); +.Ve .Vb 6 -\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& unsigned char *key, unsigned char *iv); +\& int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, unsigned char *key, unsigned char *iv); \& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, \& int *outl, unsigned char *in, int inl); -\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, \& int *outl); .Ve .Vb 6 -\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& unsigned char *key, unsigned char *iv); +\& int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, unsigned char *key, unsigned char *iv); \& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, \& int *outl, unsigned char *in, int inl); -\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, +\& int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, \& int *outl); .Ve .Vb 6 -\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, -\& unsigned char *key, unsigned char *iv, int enc); +\& int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& ENGINE *impl, unsigned char *key, unsigned char *iv, int enc); \& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, \& int *outl, unsigned char *in, int inl); +\& int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, +\& int *outl); +.Ve +.Vb 4 +\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char *key, unsigned char *iv); +\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl); +.Ve +.Vb 4 +\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char *key, unsigned char *iv); +\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, +\& int *outl); +.Ve +.Vb 4 +\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char *key, unsigned char *iv, int enc); \& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, \& int *outl); .Ve -.Vb 3 +.Vb 4 +\& int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); \& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); \& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); \& int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); @@ -221,14 +247,19 @@ EVP_CIPHER_asn1_to_param \- \s-1EVP\s0 cipher routines The \s-1EVP\s0 cipher routines are a high level interface to certain symmetric ciphers. .PP -\&\fIEVP_EncryptInit()\fR initializes a cipher context \fBctx\fR for encryption -with cipher \fBtype\fR. \fBtype\fR is normally supplied by a function such -as \fIEVP_des_cbc()\fR . \fBkey\fR is the symmetric key to use and \fBiv\fR is the -\&\s-1IV\s0 to use (if necessary), the actual number of bytes used for the -key and \s-1IV\s0 depends on the cipher. It is possible to set all parameters -to \s-1NULL\s0 except \fBtype\fR in an initial call and supply the remaining -parameters in subsequent calls, all of which have \fBtype\fR set to \s-1NULL\s0. -This is done when the default cipher parameters are not appropriate. +\&\fIEVP_CIPHER_CTX_init()\fR initializes cipher contex \fBctx\fR. +.PP +\&\fIEVP_EncryptInit_ex()\fR sets up cipher context \fBctx\fR for encryption +with cipher \fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized +before calling this function. \fBtype\fR is normally supplied +by a function such as \fIEVP_des_cbc()\fR. If \fBimpl\fR is \s-1NULL\s0 then the +default implementation is used. \fBkey\fR is the symmetric key to use +and \fBiv\fR is the \s-1IV\s0 to use (if necessary), the actual number of bytes +used for the key and \s-1IV\s0 depends on the cipher. It is possible to set +all parameters to \s-1NULL\s0 except \fBtype\fR in an initial call and supply +the remaining parameters in subsequent calls, all of which have \fBtype\fR +set to \s-1NULL\s0. This is done when the default cipher parameters are not +appropriate. .PP \&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and writes the encrypted version to \fBout\fR. This function can be called @@ -236,32 +267,49 @@ multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data: as a result the amount of data written may be anything from zero bytes to (inl + cipher_block_size \- 1) so \fBoutl\fR should contain sufficient -room. The actual number of bytes written is placed in \fBoutl\fR. +room. The actual number of bytes written is placed in \fBoutl\fR. +.PP +If padding is enabled (the default) then \fIEVP_EncryptFinal_ex()\fR encrypts +the \*(L"final\*(R" data, that is any data that remains in a partial block. +It uses standard block padding (aka \s-1PKCS\s0 padding). The encrypted +final data is written to \fBout\fR which should have sufficient space for +one cipher block. The number of bytes written is placed in \fBoutl\fR. After +this function is called the encryption operation is finished and no further +calls to \fIEVP_EncryptUpdate()\fR should be made. .PP -\&\fIEVP_EncryptFinal()\fR encrypts the \*(L"final\*(R" data, that is any data that -remains in a partial block. It uses standard block padding (aka \s-1PKCS\s0 -padding). The encrypted final data is written to \fBout\fR which should -have sufficient space for one cipher block. The number of bytes written -is placed in \fBoutl\fR. After this function is called the encryption operation -is finished and no further calls to \fIEVP_EncryptUpdate()\fR should be made. +If padding is disabled then \fIEVP_EncryptFinal_ex()\fR will not encrypt any more +data and it will return an error if any data remains in a partial block: +that is if the total data length is not a multiple of the block size. .PP -\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR are the +\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal_ex()\fR are the corresponding decryption operations. \fIEVP_DecryptFinal()\fR will return an -error code if the final block is not correctly formatted. The parameters -and restrictions are identical to the encryption operations except that -the decrypted data buffer \fBout\fR passed to \fIEVP_DecryptUpdate()\fR should -have sufficient room for (\fBinl\fR + cipher_block_size) bytes unless the -cipher block size is 1 in which case \fBinl\fR bytes is sufficient. -.PP -\&\fIEVP_CipherInit()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal()\fR are functions -that can be used for decryption or encryption. The operation performed -depends on the value of the \fBenc\fR parameter. It should be set to 1 for -encryption, 0 for decryption and \-1 to leave the value unchanged (the -actual value of 'enc' being supplied in a previous call). -.PP -\&\fIEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context. -It should be called after all operations using a cipher are complete -so sensitive information does not remain in memory. +error code if padding is enabled and the final block is not correctly +formatted. The parameters and restrictions are identical to the encryption +operations except that if padding is enabled the decrypted data buffer \fBout\fR +passed to \fIEVP_DecryptUpdate()\fR should have sufficient room for +(\fBinl\fR + cipher_block_size) bytes unless the cipher block size is 1 in +which case \fBinl\fR bytes is sufficient. +.PP +\&\fIEVP_CipherInit_ex()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal_ex()\fR are +functions that can be used for decryption or encryption. The operation +performed depends on the value of the \fBenc\fR parameter. It should be set +to 1 for encryption, 0 for decryption and \-1 to leave the value unchanged +(the actual value of 'enc' being supplied in a previous call). +.PP +\&\fIEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context +and free up any allocated memory associate with it. It should be called +after all operations using a cipher are complete so sensitive information +does not remain in memory. +.PP +\&\fIEVP_EncryptInit()\fR, \fIEVP_DecryptInit()\fR and \fIEVP_CipherInit()\fR behave in a +similar way to \fIEVP_EncryptInit_ex()\fR, EVP_DecryptInit_ex and +\&\fIEVP_CipherInit_ex()\fR except the \fBctx\fR paramter does not need to be +initialized and they always use the default cipher implementation. +.PP +\&\fIEVP_EncryptFinal()\fR, \fIEVP_DecryptFinal()\fR and \fIEVP_CipherFinal()\fR behave in a +similar way to \fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptFinal_ex()\fR and +\&\fIEVP_CipherFinal_ex()\fR except \fBctx\fR is automatically cleaned up +after the call. .PP \&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an @@ -272,6 +320,13 @@ passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The value is an internal value which may not have a corresponding \s-1OBJECT\s0 \&\s-1IDENTIFIER\s0. .PP +\&\fIEVP_CIPHER_CTX_set_padding()\fR enables or disables padding. By default +encryption operations are padded using standard block padding and the +padding is checked and removed when decrypting. If the \fBpad\fR parameter +is zero then no padding is performed, the total amount of data encrypted +or decrypted must then be a multiple of the block size or an error will +occur. +.PP \&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length @@ -331,14 +386,14 @@ and set. Currently only the \s-1RC2\s0 effective key length and the number of ro \&\s-1RC5\s0 can be set. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_EncryptInit()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR return 1 for success -and 0 for failure. +EVP_CIPHER_CTX_init, \fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptUpdate()\fR and +\&\fIEVP_EncryptFinal_ex()\fR return 1 for success and 0 for failure. .PP -\&\fIEVP_DecryptInit()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. -\&\fIEVP_DecryptFinal()\fR returns 0 if the decrypt failed or 1 for success. +\&\fIEVP_DecryptInit_ex()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. +\&\fIEVP_DecryptFinal_ex()\fR returns 0 if the decrypt failed or 1 for success. .PP -\&\fIEVP_CipherInit()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure. -\&\fIEVP_CipherFinal()\fR returns 0 for a decryption failure or 1 for success. +\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure. +\&\fIEVP_CipherFinal_ex()\fR returns 0 for a decryption failure or 1 for success. .PP \&\fIEVP_CIPHER_CTX_cleanup()\fR returns 1 for success and 0 for failure. .PP @@ -353,6 +408,8 @@ size. \&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key length. .PP +\&\fIEVP_CIPHER_CTX_set_padding()\fR always returns 1. +.PP \&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 length or zero if the cipher does not use an \s-1IV\s0. .PP @@ -428,24 +485,25 @@ encrypted then 5 padding bytes of value 5 will be added. .PP When decrypting the final block is checked to see if it has the correct form. .PP -Although the decryption operation can produce an error, it is not a strong -test that the input data or key is correct. A random block has better than -1 in 256 chance of being of the correct format and problems with the -input data earlier on will not produce a final decrypt error. -.PP -The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptUpdate()\fR, \fIEVP_EncryptFinal()\fR, -\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptUpdate()\fR, \fIEVP_CipherInit()\fR and \fIEVP_CipherUpdate()\fR -and \fIEVP_CIPHER_CTX_cleanup()\fR did not return errors in OpenSSL version 0.9.5a or -earlier. Software only versions of encryption algorithms will never return -error codes for these functions, unless there is a programming error (for example -and attempt to set the key before the cipher is set in \fIEVP_EncryptInit()\fR ). +Although the decryption operation can produce an error if padding is enabled, +it is not a strong test that the input data or key is correct. A random block +has better than 1 in 256 chance of being of the correct format and problems with +the input data earlier on will not produce a final decrypt error. +.PP +If padding is disabled then the decryption operation will always succeed if +the total amount of data decrypted is a multiple of the block size. +.PP +The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptFinal()\fR, \fIEVP_DecryptInit()\fR, +\&\fIEVP_CipherInit()\fR and \fIEVP_CipherFinal()\fR are obsolete but are retained for +compatibility with existing code. New code should use \fIEVP_EncryptInit_ex()\fR, +\&\fIEVP_EncryptFinal_ex()\fR, \fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, +\&\fIEVP_CipherInit_ex()\fR and \fIEVP_CipherFinal_ex()\fR because they can reuse an +existing context without allocating and freeing it up on each call. .SH "BUGS" .IX Header "BUGS" For \s-1RC5\s0 the number of rounds can currently only be set to 8, 12 or 16. This is a limitation of the current \s-1RC5\s0 code rather than the \s-1EVP\s0 interface. .PP -It should be possible to disable \s-1PKCS\s0 padding: currently it isn't. -.PP \&\s-1EVP_MAX_KEY_LENGTH\s0 and \s-1EVP_MAX_IV_LENGTH\s0 only refer to the internal ciphers with default key lengths. If custom ciphers exceed these values the results are unpredictable. This is because it has become standard practice to define a @@ -459,28 +517,128 @@ Get the number of rounds used in \s-1RC5:\s0 .PP .Vb 2 \& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &i); +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds); .Ve Get the \s-1RC2\s0 effective key length: .PP .Vb 2 \& int key_bits; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); .Ve Set the number of rounds used in \s-1RC5:\s0 .PP .Vb 2 \& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, i, NULL); +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); .Ve -Set the number of rounds used in \s-1RC2:\s0 +Set the effective key length used in \s-1RC2:\s0 .PP .Vb 2 -\& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, i, NULL); +\& int key_bits; +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); +.Ve +Encrypt a string using blowfish: +.PP +.Vb 14 +\& int do_crypt(char *outfile) +\& { +\& unsigned char outbuf[1024]; +\& int outlen, tmplen; +\& /* Bogus key and IV: we'd normally set these from +\& * another source. +\& */ +\& unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; +\& unsigned char iv[] = {1,2,3,4,5,6,7,8}; +\& char intext[] = "Some Crypto Text"; +\& EVP_CIPHER_CTX ctx; +\& FILE *out; +\& EVP_CIPHER_CTX_init(&ctx); +\& EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); +.Ve +.Vb 25 +\& if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) +\& { +\& /* Error */ +\& return 0; +\& } +\& /* Buffer passed to EVP_EncryptFinal() must be after data just +\& * encrypted to avoid overwriting it. +\& */ +\& if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) +\& { +\& /* Error */ +\& return 0; +\& } +\& outlen += tmplen; +\& EVP_CIPHER_CTX_cleanup(&ctx); +\& /* Need binary mode for fopen because encrypted data is +\& * binary data. Also cannot use strlen() on it because +\& * it wont be null terminated and may contain embedded +\& * nulls. +\& */ +\& out = fopen(outfile, "wb"); +\& fwrite(outbuf, 1, outlen, out); +\& fclose(out); +\& return 1; +\& } +.Ve +The ciphertext from the above example can be decrypted using the \fBopenssl\fR +utility with the command line: +.PP +.Vb 1 +\& S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d> +.Ve +General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC2\s0 with an +80 bit key: +.PP +.Vb 16 +\& int do_crypt(FILE *in, FILE *out, int do_encrypt) +\& { +\& /* Allow enough space in output buffer for additional block */ +\& inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; +\& int inlen, outlen; +\& /* Bogus key and IV: we'd normally set these from +\& * another source. +\& */ +\& unsigned char key[] = "0123456789"; +\& unsigned char iv[] = "12345678"; +\& /* Don't set key or IV because we will modify the parameters */ +\& EVP_CIPHER_CTX_init(&ctx); +\& EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt); +\& EVP_CIPHER_CTX_set_key_length(&ctx, 10); +\& /* We finished modifying parameters so now we can set key and IV */ +\& EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt); +.Ve +.Vb 17 +\& for(;;) +\& { +\& inlen = fread(inbuf, 1, 1024, in); +\& if(inlen <= 0) break; +\& if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen)) +\& { +\& /* Error */ +\& return 0; +\& } +\& fwrite(outbuf, 1, outlen, out); +\& } +\& if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) +\& { +\& /* Error */ +\& return 0; +\& } +\& fwrite(outbuf, 1, outlen, out); +.Ve +.Vb 3 +\& EVP_CIPHER_CTX_cleanup(&ctx); +\& return 1; +\& } .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" evp(3) .SH "HISTORY" .IX Header "HISTORY" +\&\fIEVP_CIPHER_CTX_init()\fR, \fIEVP_EncryptInit_ex()\fR, \fIEVP_EncryptFinal_ex()\fR, +\&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, \fIEVP_CipherInit_ex()\fR, +\&\fIEVP_CipherFinal_ex()\fR and \fIEVP_CIPHER_CTX_set_padding()\fR appeared in +OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 index 8b1de4d..d873c12 100644 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/EVP_OpenInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:41 2002 +.\" Mon Jan 13 19:28:05 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "EVP_OpenInit 3" -.TH EVP_OpenInit 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH EVP_OpenInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- \s-1EVP\s0 envelope decryption diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3 new file mode 100644 index 0000000..742e5e4 --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:06 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "EVP_PKEY_new 3" +.TH EVP_PKEY_new 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 2 +\& EVP_PKEY *EVP_PKEY_new(void); +\& void EVP_PKEY_free(EVP_PKEY *key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIEVP_PKEY_new()\fR function allocates an empty \fB\s-1EVP_PKEY\s0\fR +structure which is used by OpenSSL to store private keys. +.PP +\&\fIEVP_PKEY_free()\fR frees up the private key \fBkey\fR. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP_PKEY\s0\fR structure is used by various OpenSSL functions +which require a general private key without reference to any +particular algorithm. +.PP +The structure returned by \fIEVP_PKEY_new()\fR is empty. To add a +private key to this empty structure the functions described in +EVP_PKEY_set1_RSA(3) should be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_new()\fR returns either the newly allocated \fB\s-1EVP_PKEY\s0\fR +structure of \fB\s-1NULL\s0\fR if an error occurred. +.PP +\&\fIEVP_PKEY_free()\fR does not return a value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +EVP_PKEY_set1_RSA(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 new file mode 100644 index 0000000..3a5a958 --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -0,0 +1,217 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:07 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "EVP_PKEY_set1_RSA 3" +.TH EVP_PKEY_set1_RSA 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY, +EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY, +EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY, +EVP_PKEY_type \- \s-1EVP_PKEY\s0 assignment functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 4 +\& int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key); +\& int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key); +\& int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key); +\& int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key); +.Ve +.Vb 4 +\& RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +\& DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +\& DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +\& EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +.Ve +.Vb 4 +\& int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key); +\& int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key); +\& int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key); +\& int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key); +.Ve +.Vb 1 +\& int EVP_PKEY_type(int type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and +\&\fIEVP_PKEY_set1_EC_KEY()\fR set the key referenced by \fBpkey\fR to \fBkey\fR. +.PP +\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and +\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or +\&\fB\s-1NULL\s0\fR if the key is not of the correct type. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +and \fIEVP_PKEY_assign_EC_KEY()\fR also set the referenced key to \fBkey\fR +however these use the supplied \fBkey\fR internally and so \fBkey\fR +will be freed when the parent \fBpkey\fR is freed. +.PP +\&\fIEVP_PKEY_type()\fR returns the type of key corresponding to the value +\&\fBtype\fR. The type of a key can be obtained with +EVP_PKEY_type(pkey->type). The return value will be \s-1EVP_PKEY_RSA\s0, +\&\s-1EVP_PKEY_DSA\s0, \s-1EVP_PKEY_DH\s0 or \s-1EVP_PKEY_EC\s0 for the corresponding +key types or NID_undef if the key type is unassigned. +.SH "NOTES" +.IX Header "NOTES" +In accordance with the OpenSSL naming convention the key obtained +from or assigned to the \fBpkey\fR using the \fB1\fR functions must be +freed as well as \fBpkey\fR. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +\&\fIEVP_PKEY_assign_EC_KEY()\fR are implemented as macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and +\&\fIEVP_PKEY_set1_EC_KEY()\fR return 1 for success or 0 for failure. +.PP +\&\fIEVP_PKEY_get1_RSA()\fR, \fIEVP_PKEY_get1_DSA()\fR, \fIEVP_PKEY_get1_DH()\fR and +\&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if +an error occurred. +.PP +\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +and \fIEVP_PKEY_assign_EC_KEY()\fR return 1 for success and 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +EVP_PKEY_new(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 index 970b98f..f2f0f21 100644 --- a/secure/lib/libcrypto/man/EVP_SealInit.3 +++ b/secure/lib/libcrypto/man/EVP_SealInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:42 2002 +.\" Mon Jan 13 19:28:08 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "EVP_SealInit 3" -.TH EVP_SealInit 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH EVP_SealInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- \s-1EVP\s0 envelope encryption @@ -209,3 +209,4 @@ EVP_EncryptInit(3), EVP_OpenInit(3) .SH "HISTORY" .IX Header "HISTORY" +\&\fIEVP_SealFinal()\fR did not return a value before OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 index 3644176..88a56a0 100644 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/EVP_SignInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:43 2002 +.\" Mon Jan 13 19:28:10 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "EVP_SignInit 3" -.TH EVP_SignInit 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH EVP_SignInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions @@ -148,11 +148,14 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions \& #include <openssl/evp.h> .Ve .Vb 3 -\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); -\& void EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); \& int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey); .Ve .Vb 1 +\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve +.Vb 1 \& int EVP_PKEY_size(EVP_PKEY *pkey); .Ve .SH "DESCRIPTION" @@ -160,9 +163,9 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions The \s-1EVP\s0 signature routines are a high level interface to digital signatures. .PP -\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to using digest -\&\fBtype\fR: this will typically be supplied by a function such as -\&\fIEVP_sha1()\fR. +\&\fIEVP_SignInit_ex()\fR sets up signing context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized with +\&\fIEVP_MD_CTX_init()\fR before calling this function. .PP \&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the signature context \fBctx\fR. This function can be called several times on the @@ -172,17 +175,17 @@ same \fBctx\fR to include additional data. and places the signature in \fBsig\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of bytes of data written (i.e. the length of the signature) will be written to the integer at \fBs\fR, at most EVP_PKEY_size(pkey) bytes -will be written. After calling \fIEVP_SignFinal()\fR no additional calls to -\&\fIEVP_SignUpdate()\fR can be made, but \fIEVP_SignInit()\fR can be called to initialize -a new signature operation. +will be written. +.PP +\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default +implementation of digest \fBtype\fR. .PP \&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual signature returned by \fIEVP_SignFinal()\fR may be smaller. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_SignInit()\fR and \fIEVP_SignUpdate()\fR do not return values. -.PP -\&\fIEVP_SignFinal()\fR returns 1 for success and 0 for failure. +\&\fIEVP_SignInit_ex()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR return 1 +for success and 0 for failure. .PP \&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. .PP @@ -201,11 +204,18 @@ EVP_DigestInit(3). When signing with \s-1DSA\s0 private keys the random number generator must be seeded or the operation will fail. The random number generator does not need to be seeded for \s-1RSA\s0 signatures. +.PP +The call to \fIEVP_SignFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR can be called +later to digest and sign additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak +will occur. .SH "BUGS" .IX Header "BUGS" -Several of the functions do not return values: maybe they should. Although the -internal digest operations will never fail some future hardware based operations -might. +Older versions of this documentation wrongly stated that calls to +\&\fIEVP_SignUpdate()\fR could not be made after calling \fIEVP_SignFinal()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" EVP_VerifyInit(3), @@ -217,3 +227,5 @@ sha(3), dgst(1) .IX Header "HISTORY" \&\fIEVP_SignInit()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR are available in all versions of SSLeay and OpenSSL. +.PP +\&\fIEVP_SignInit_ex()\fR was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 index 06d78c5..77bef3d 100644 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:43 2002 +.\" Mon Jan 13 19:28:11 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "EVP_VerifyInit 3" -.TH EVP_VerifyInit 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH EVP_VerifyInit 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verification functions @@ -148,29 +148,35 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verifi \& #include <openssl/evp.h> .Ve .Vb 3 -\& void EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); -\& void EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +\& int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); \& int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); .Ve +.Vb 1 +\& int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \s-1EVP\s0 signature verification routines are a high level interface to digital signatures. .PP -\&\fIEVP_VerifyInit()\fR initializes a verification context \fBctx\fR to using digest -\&\fBtype\fR: this will typically be supplied by a function such as \fIEVP_sha1()\fR. +\&\fIEVP_VerifyInit_ex()\fR sets up verification context \fBctx\fR to use digest +\&\fBtype\fR from \s-1ENGINE\s0 \fBimpl\fR. \fBctx\fR must be initialized by calling +\&\fIEVP_MD_CTX_init()\fR before calling this function. .PP \&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the verification context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. .PP \&\fIEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR -and against the \fBsiglen\fR bytes at \fBsigbuf\fR. After calling \fIEVP_VerifyFinal()\fR -no additional calls to \fIEVP_VerifyUpdate()\fR can be made, but \fIEVP_VerifyInit()\fR -can be called to initialize a new verification operation. +and against the \fBsiglen\fR bytes at \fBsigbuf\fR. +.PP +\&\fIEVP_VerifyInit()\fR initializes verification context \fBctx\fR to use the default +implementation of digest \fBtype\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIEVP_VerifyInit()\fR and \fIEVP_VerifyUpdate()\fR do not return values. +\&\fIEVP_VerifyInit_ex()\fR and \fIEVP_VerifyUpdate()\fR return 1 for success and 0 for +failure. .PP \&\fIEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some other error occurred. @@ -186,11 +192,18 @@ Due to the link between message digests and public key algorithms the correct digest algorithm must be used with the correct public key type. A list of algorithms and associated public key algorithms appears in EVP_DigestInit(3). +.PP +The call to \fIEVP_VerifyFinal()\fR internally finalizes a copy of the digest context. +This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called +later to digest and verify additional data. +.PP +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling \fIEVP_MD_CTX_cleanup()\fR or a memory leak +will occur. .SH "BUGS" .IX Header "BUGS" -Several of the functions do not return values: maybe they should. Although the -internal digest operations will never fail some future hardware based operations -might. +Older versions of this documentation wrongly stated that calls to +\&\fIEVP_VerifyUpdate()\fR could not be made after calling \fIEVP_VerifyFinal()\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" evp(3), @@ -203,3 +216,5 @@ sha(3), dgst(1) .IX Header "HISTORY" \&\fIEVP_VerifyInit()\fR, \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR are available in all versions of SSLeay and OpenSSL. +.PP +\&\fIEVP_VerifyInit_ex()\fR was added in OpenSSL 0.9.7 diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3 new file mode 100644 index 0000000..3b693a2 --- /dev/null +++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3 @@ -0,0 +1,292 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:12 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "OBJ_nid2obj 3" +.TH OBJ_nid2obj 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid, +OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup \- \s-1ASN1\s0 object utility +functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& ASN1_OBJECT * OBJ_nid2obj(int n); +\& const char * OBJ_nid2ln(int n); +\& const char * OBJ_nid2sn(int n); +.Ve +.Vb 3 +\& int OBJ_obj2nid(const ASN1_OBJECT *o); +\& int OBJ_ln2nid(const char *ln); +\& int OBJ_sn2nid(const char *sn); +.Ve +.Vb 1 +\& int OBJ_txt2nid(const char *s); +.Ve +.Vb 2 +\& ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name); +\& int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); +.Ve +.Vb 2 +\& int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); +\& ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o); +.Ve +.Vb 2 +\& int OBJ_create(const char *oid,const char *sn,const char *ln); +\& void OBJ_cleanup(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1ASN1\s0 object utility functions process \s-1ASN1_OBJECT\s0 structures which are +a representation of the \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (\s-1OID\s0) type. +.PP +\&\fIOBJ_nid2obj()\fR, \fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR convert the \s-1NID\s0 \fBn\fR to +an \s-1ASN1_OBJECT\s0 structure, its long name and its short name respectively, +or \fB\s-1NULL\s0\fR is an error occurred. +.PP +\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR return the corresponding \s-1NID\s0 +for the object \fBo\fR, the long name <ln> or the short name <sn> respectively +or NID_undef if an error occurred. +.PP +\&\fIOBJ_txt2nid()\fR returns \s-1NID\s0 corresponding to text string <s>. \fBs\fR can be +a long name, a short name or the numerical respresentation of an object. +.PP +\&\fIOBJ_txt2obj()\fR converts the text string \fBs\fR into an \s-1ASN1_OBJECT\s0 structure. +If \fBno_name\fR is 0 then long names and short names will be interpreted +as well as numerical forms. If \fBno_name\fR is 1 only the numerical form +is acceptable. +.PP +\&\fIOBJ_obj2txt()\fR converts the \fB\s-1ASN1_OBJECT\s0\fR \fBa\fR into a textual representation. +The representation is written as a null terminated string to \fBbuf\fR +at most \fBbuf_len\fR bytes are written, truncating the result if necessary. +The total amount of space required is returned. If \fBno_name\fR is 0 then +if the object has a long or short name then that will be used, otherwise +the numerical form will be used. If \fBno_name\fR is 1 then the numerical +form will always be used. +.PP +\&\fIOBJ_cmp()\fR compares \fBa\fR to \fBb\fR. If the two are identical 0 is returned. +.PP +\&\fIOBJ_dup()\fR returns a copy of \fBo\fR. +.PP +\&\fIOBJ_create()\fR adds a new object to the internal table. \fBoid\fR is the +numerical form of the object, \fBsn\fR the short name and \fBln\fR the +long name. A new \s-1NID\s0 is returned for the created object. +.PP +\&\fIOBJ_cleanup()\fR cleans up OpenSSLs internal object table: this should +be called before an application exits if any new objects were added +using \fIOBJ_create()\fR. +.SH "NOTES" +.IX Header "NOTES" +Objects in OpenSSL can have a short name, a long name and a numerical +identifier (\s-1NID\s0) associated with them. A standard set of objects is +represented in an internal table. The appropriate values are defined +in the header file \fBobjects.h\fR. +.PP +For example the \s-1OID\s0 for commonName has the following definitions: +.PP +.Vb 3 +\& #define SN_commonName "CN" +\& #define LN_commonName "commonName" +\& #define NID_commonName 13 +.Ve +New objects can be added by calling \fIOBJ_create()\fR. +.PP +Table objects have certain advantages over other objects: for example +their NIDs can be used in a C language switch statement. They are +also static constant structures which are shared: that is there +is only a single constant structure for each table object. +.PP +Objects which are not in the table have the \s-1NID\s0 value NID_undef. +.PP +Objects do not need to be in the internal tables to be processed, +the functions \fIOBJ_txt2obj()\fR and \fIOBJ_obj2txt()\fR can process the numerical +form of an \s-1OID\s0. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an object for \fBcommonName\fR: +.PP +.Vb 2 +\& ASN1_OBJECT *o; +\& o = OBJ_nid2obj(NID_commonName); +.Ve +Check if an object is \fBcommonName\fR +.PP +.Vb 2 +\& if (OBJ_obj2nid(obj) == NID_commonName) +\& /* Do something */ +.Ve +Create a new \s-1NID\s0 and initialize an object from it: +.PP +.Vb 3 +\& int new_nid; +\& ASN1_OBJECT *obj; +\& new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); +.Ve +.Vb 1 +\& obj = OBJ_nid2obj(new_nid); +.Ve +Create a new object directly: +.PP +.Vb 1 +\& obj = OBJ_txt2obj("1.2.3.4", 1); +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fIOBJ_obj2txt()\fR is awkward and messy to use: it doesn't follow the +convention of other OpenSSL functions where the buffer can be set +to \fB\s-1NULL\s0\fR to determine the amount of data that should be written. +Instead \fBbuf\fR must point to a valid buffer and \fBbuf_len\fR should +be set to a positive value. A buffer length of 80 should be more +than enough to handle any \s-1OID\s0 encountered in practice. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIOBJ_nid2obj()\fR returns an \fB\s-1ASN1_OBJECT\s0\fR structure or \fB\s-1NULL\s0\fR is an +error occurred. +.PP +\&\fIOBJ_nid2ln()\fR and \fIOBJ_nid2sn()\fR returns a valid string or \fB\s-1NULL\s0\fR +on error. +.PP +\&\fIOBJ_obj2nid()\fR, \fIOBJ_ln2nid()\fR, \fIOBJ_sn2nid()\fR and \fIOBJ_txt2nid()\fR return +a \s-1NID\s0 or \fBNID_undef\fR on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 index 61938c4..ab77dfe 100644 --- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:44 2002 +.\" Mon Jan 13 19:28:13 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1OPENSSL_VERSION_NUMBER\s0, SSLeay, SSLeay_version \- get OpenSSL version number @@ -211,6 +211,10 @@ or \*(L"built on: date not available\*(R" otherwise. .IX Item "SSLEAY_PLATFORM" The \*(L"Configure\*(R" target of the library build in the form \*(L"platform: ...\*(R" if available or \*(L"platform: information not available\*(R" otherwise. +.Ip "\s-1SSLEAY_DIR\s0" 4 +.IX Item "SSLEAY_DIR" +The \*(L"\s-1OPENSSLDIR\s0\*(R" setting of the library build in the form \*(L"\s-1OPENSSLDIR:\s0 \*(R"..."\*(L" +if available or \*(R"\s-1OPENSSLDIR:\s0 N/A" otherwise. .PP For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned. .SH "RETURN VALUE" @@ -223,3 +227,4 @@ crypto(3) .IX Header "HISTORY" \&\fISSLeay()\fR and \s-1SSLEAY_VERSION_NUMBER\s0 are available in all versions of SSLeay and OpenSSL. \&\s-1OPENSSL_VERSION_NUMBER\s0 is available in all versions of OpenSSL. +\&\fB\s-1SSLEAY_DIR\s0\fR was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 index 575f328..1ae39b4 100644 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:44 2002 +.\" Mon Jan 13 19:28:15 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "OpenSSL_add_all_algorithms 3" -.TH OpenSSL_add_all_algorithms 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH OpenSSL_add_all_algorithms 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \- diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3 new file mode 100644 index 0000000..424a067 --- /dev/null +++ b/secure/lib/libcrypto/man/PKCS12_create.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:16 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS12_create 3" +.TH PKCS12_create 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +PKCS12_create \- create a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/pkcs12.h> +.Ve +.Vb 2 +\& PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, +\& int nid_key, int nid_cert, int iter, int mac_iter, int keytype); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_create()\fR creates a PKCS#12 structure. +.PP +\&\fBpass\fR is the passphrase to use. \fBname\fR is the \fBfriendlyName\fR to use for +the supplied certifictate and key. \fBpkey\fR is the private key to include in +the structure and \fBcert\fR its corresponding certificates. \fBca\fR, if not \fB\s-1NULL\s0\fR +is an optional set of certificates to also include in the structure. +.PP +\&\fBnid_key\fR and \fBnid_cert\fR are the encryption algorithms that should be used +for the key and certificate respectively. \fBiter\fR is the encryption algorithm +iteration count to use and \fBmac_iter\fR is the \s-1MAC\s0 iteration count to use. +\&\fBkeytype\fR is the type of key. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBnid_key\fR, \fBnid_cert\fR, \fBiter\fR, \fBmac_iter\fR and \fBkeytype\fR +can all be set to zero and sensible defaults will be used. +.PP +These defaults are: 40 bit \s-1RC2\s0 encryption for certificates, triple \s-1DES\s0 +encryption for private keys, a key iteration count of \s-1PKCS12_DEFAULT_ITER\s0 +(currently 2048) and a \s-1MAC\s0 iteration count of 1. +.PP +The default \s-1MAC\s0 iteration count is 1 in order to retain compatibility with +old software which did not interpret \s-1MAC\s0 iteration counts. If such compatibility +is not required then \fBmac_iter\fR should be set to \s-1PKCS12_DEFAULT_ITER\s0. +.PP +\&\fBkeytype\fR adds a flag to the store private key. This is a non standard extension +that is only currently interpreted by \s-1MSIE\s0. If set to zero the flag is omitted, +if set to \fB\s-1KEY_SIG\s0\fR the key can be used for signing only, if set to \fB\s-1KEY_EX\s0\fR +it can be used for signing and encryption. This option was useful for old +export grade software which could use signing only keys of arbitrary size but +had restrictions on the permissible sizes of keys which could be used for +encryption. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_PKCS12(3) +.SH "HISTORY" +.IX Header "HISTORY" +PKCS12_create was added in OpenSSL 0.9.3 diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3 new file mode 100644 index 0000000..167bab6 --- /dev/null +++ b/secure/lib/libcrypto/man/PKCS12_parse.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:17 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS12_parse 3" +.TH PKCS12_parse 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +PKCS12_parse \- parse a PKCS#12 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/pkcs12.h> +.Ve +int PKCS12_parse(\s-1PKCS12\s0 *p12, const char *pass, \s-1EVP_PKEY\s0 **pkey, X509 **cert, STACK_OF(X509) **ca); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS12_parse()\fR parses a \s-1PKCS12\s0 structure. +.PP +\&\fBp12\fR is the \fB\s-1PKCS12\s0\fR structure to parse. \fBpass\fR is the passphrase to use. +If successful the private key will be written to \fB*pkey\fR, the corresponding +certificate to \fB*cert\fR and any additional certificates to \fB*ca\fR. +.SH "NOTES" +.IX Header "NOTES" +The parameters \fBpkey\fR and \fBcert\fR cannot be \fB\s-1NULL\s0\fR. \fBca\fR can be <\s-1NULL\s0> +in which case additional certificates will be discarded. \fB*ca\fR can also +be a valid \s-1STACK\s0 in which case additional certificates are appended to +\&\fB*ca\fR. If \fB*ca\fR is \fB\s-1NULL\s0\fR a new \s-1STACK\s0 will be allocated. +.PP +The \fBfriendlyName\fR and \fBlocalKeyID\fR attributes (if present) on each certificate +will be stored in the \fBalias\fR and \fBkeyid\fR attributes of the \fBX509\fR structure. +.SH "BUGS" +.IX Header "BUGS" +Only a single private key and corresponding certificate is returned by this function. +More complex PKCS#12 files with multiple private keys will only return the first +match. +.PP +Only \fBfriendlyName\fR and \fBlocalKeyID\fR attributes are currently stored in certificates. +Other attributes are discarded. +.PP +Attributes currently cannot be store in the private key \fB\s-1EVP_PKEY\s0\fR structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_PKCS12(3) +.SH "HISTORY" +.IX Header "HISTORY" +PKCS12_parse was added in OpenSSL 0.9.3 diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3 new file mode 100644 index 0000000..bf61e1d --- /dev/null +++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:18 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS7_decrypt 3" +.TH PKCS7_decrypt 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +int PKCS7_decrypt(\s-1PKCS7\s0 *p7, \s-1EVP_PKEY\s0 *pkey, X509 *cert, \s-1BIO\s0 *data, int flags); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_decrypt()\fR extracts and decrypts the content from a PKCS#7 envelopedData +structure. \fBpkey\fR is the private key of the recipient, \fBcert\fR is the +recipients certificate, \fBdata\fR is a \s-1BIO\s0 to write the content to and +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +\&\fIOpenSSL_add_all_algorithms()\fR (or equivalent) should be called before using this +function or errors about unknown algorithms will occur. +.PP +Although the recipients certificate is not needed to decrypt the data it is needed +to locate the appropriate (of possible several) recipients in the PKCS#7 structure. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_decrypt()\fR returns either 1 for success or 0 for failure. +The error can be obtained from \fIERR_get_error\fR\|(3) +.SH "BUGS" +.IX Header "BUGS" +\&\fIPKCS7_decrypt()\fR must be passed the correct recipient key and certificate. It would +be better if it could look up the correct key and certificate from a database. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), PKCS7_encrypt(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3 new file mode 100644 index 0000000..4661d33 --- /dev/null +++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3 @@ -0,0 +1,195 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:19 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS7_encrypt 3" +.TH PKCS7_encrypt 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +PKCS7_encrypt \- create a PKCS#7 envelopedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\s-1PKCS7\s0 *PKCS7_encrypt(STACK_OF(X509) *certs, \s-1BIO\s0 *in, const \s-1EVP_CIPHER\s0 *cipher, int flags); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_encrypt()\fR creates and returns a PKCS#7 envelopedData structure. \fBcerts\fR +is a list of recipient certificates. \fBin\fR is the content to be encrypted. +\&\fBcipher\fR is the symmetric cipher to use. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Only \s-1RSA\s0 keys are supported in PKCS#7 and envelopedData so the recipient certificates +supplied to this function must all contain \s-1RSA\s0 public keys, though they do not have to +be signed using the \s-1RSA\s0 algorithm. +.PP +\&\fIEVP_des_ede3_cbc()\fR (triple \s-1DES\s0) is the algorithm of choice for S/MIME use because +most clients will support it. +.PP +Some old \*(L"export grade\*(R" clients may only support weak encryption using 40 or 64 bit +\&\s-1RC2\s0. These can be used by passing \fIEVP_rc2_40_cbc()\fR and \fIEVP_rc2_64_cbc()\fR respectively. +.PP +The algorithm passed in the \fBcipher\fR parameter must support \s-1ASN1\s0 encoding of its +parameters. +.PP +Many browsers implement a \*(L"sign and encrypt\*(R" option which is simply an S/MIME +envelopedData containing an S/MIME signed message. This can be readily produced +by storing the S/MIME signed message in a memory \s-1BIO\s0 and passing it to +\&\fIPKCS7_encrypt()\fR. +.PP +The following flags can be passed in the \fBflags\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required +by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This +option should be used if the supplied data is in binary format otherwise the translation +will corrupt it. If \fB\s-1PKCS7_BINARY\s0\fR is set then \fB\s-1PKCS7_TEXT\s0\fR is ignored. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_encrypt()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "BUGS" +.IX Header "BUGS" +The lack of single pass processing and need to hold all data in memory as +mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), PKCS7_decrypt(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPKCS7_decrypt()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3 new file mode 100644 index 0000000..0ada49f --- /dev/null +++ b/secure/lib/libcrypto/man/PKCS7_sign.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:20 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS7_sign 3" +.TH PKCS7_sign 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +PKCS7_sign \- create a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\s-1PKCS7\s0 *PKCS7_sign(X509 *signcert, \s-1EVP_PKEY\s0 *pkey, STACK_OF(X509) *certs, \s-1BIO\s0 *data, int flags); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_sign()\fR creates and returns a PKCS#7 signedData structure. \fBsigncert\fR +is the certificate to sign with, \fBpkey\fR is the corresponsding private key. +\&\fBcerts\fR is an optional additional set of certificates to include in the +PKCS#7 structure (for example any intermediate CAs in the chain). +.PP +The data to be signed is read from \s-1BIO\s0 \fBdata\fR. +.PP +\&\fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +Any of the following flags (ored together) can be passed in the \fBflags\fR parameter. +.PP +Many S/MIME clients expect the signed content to include valid \s-1MIME\s0 headers. If +the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are prepended +to the data. +.PP +If \fB\s-1PKCS7_NOCERTS\s0\fR is set the signer's certificate will not be included in the +\&\s-1PKCS7\s0 structure, the signer's certificate must still be supplied in the \fBsigncert\fR +parameter though. This can reduce the size of the signature if the signers certificate +can be obtained by other means: for example a previously signed message. +.PP +The data being signed is included in the \s-1PKCS7\s0 structure, unless \fB\s-1PKCS7_DETACHED\s0\fR +is set in which case it is omitted. This is used for \s-1PKCS7\s0 detached signatures +which are used in S/MIME plaintext signed messages for example. +.PP +Normally the supplied content is translated into \s-1MIME\s0 canonical format (as required +by the S/MIME specifications) if \fB\s-1PKCS7_BINARY\s0\fR is set no translation occurs. This +option should be used if the supplied data is in binary format otherwise the translation +will corrupt it. +.PP +The signedData structure includes several PKCS#7 autenticatedAttributes including +the signing time, the PKCS#7 content type and the supported list of ciphers in +an SMIMECapabilities attribute. If \fB\s-1PKCS7_NOATTR\s0\fR is set then no authenticatedAttributes +will be used. If \fB\s-1PKCS7_NOSMIMECAP\s0\fR is set then just the SMIMECapabilities are +omitted. +.PP +If present the SMIMECapabilities attribute indicates support for the following +algorithms: triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bit \s-1RC2\s0, \s-1DES\s0 and 40 bit \s-1RC2\s0. If any +of these algorithms is disabled then it will not be included. +.SH "BUGS" +.IX Header "BUGS" +\&\fIPKCS7_sign()\fR is somewhat limited. It does not support multiple signers, some +advanced attributes such as counter signatures are not supported. +.PP +The \s-1SHA1\s0 digest algorithm is currently always used. +.PP +When the signed data is not detached it will be stored in memory within the +\&\fB\s-1PKCS7\s0\fR structure. This effectively limits the size of messages which can be +signed due to memory restraints. There should be a way to sign data without +having to hold it all in memory, this would however require fairly major +revisions of the OpenSSL \s-1ASN1\s0 code. +.PP +Clear text signing does not store the content in memory but the way \fIPKCS7_sign()\fR +operates means that two passes of the data must typically be made: one to compute +the signatures and a second to output the data along with the signature. There +should be a way to process the data with only a single pass. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_sign()\fR returns either a valid \s-1PKCS7\s0 structure or \s-1NULL\s0 if an error occurred. +The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), PKCS7_verify(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPKCS7_sign()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3 new file mode 100644 index 0000000..3a9b1b0 --- /dev/null +++ b/secure/lib/libcrypto/man/PKCS7_verify.3 @@ -0,0 +1,245 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:22 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS7_verify 3" +.TH PKCS7_verify 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +PKCS7_verify \- verify a PKCS#7 signedData structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +int PKCS7_verify(\s-1PKCS7\s0 *p7, STACK_OF(X509) *certs, X509_STORE *store, \s-1BIO\s0 *indata, \s-1BIO\s0 *out, int flags); +.PP +int PKCS7_get0_signers(\s-1PKCS7\s0 *p7, STACK_OF(X509) *certs, int flags); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIPKCS7_verify()\fR verifies a PKCS#7 signedData structure. \fBp7\fR is the \s-1PKCS7\s0 +structure to verify. \fBcerts\fR is a set of certificates in which to search for +the signer's certificate. \fBstore\fR is a trusted certficate store (used for +chain verification). \fBindata\fR is the signed data if the content is not +present in \fBp7\fR (that is it is detached). The content is written to \fBout\fR +if it is not \s-1NULL\s0. +.PP +\&\fBflags\fR is an optional set of flags, which can be used to modify the verify +operation. +.PP +\&\fIPKCS7_get0_signers()\fR retrieves the signer's certificates from \fBp7\fR, it does +\&\fBnot\fR check their validity or whether any signatures are valid. The \fBcerts\fR +and \fBflags\fR parameters have the same meanings as in \fIPKCS7_verify()\fR. +.SH "VERIFY PROCESS" +.IX Header "VERIFY PROCESS" +Normally the verify process proceeds as follows. +.PP +Initially some sanity checks are performed on \fBp7\fR. The type of \fBp7\fR must +be signedData. There must be at least one signature on the data and if +the content is detached \fBindata\fR cannot be \fB\s-1NULL\s0\fR. +.PP +An attempt is made to locate all the signer's certificates, first looking in +the \fBcerts\fR parameter (if it is not \fB\s-1NULL\s0\fR) and then looking in any certificates +contained in the \fBp7\fR structure itself. If any signer's certificates cannot be +located the operation fails. +.PP +Each signer's certificate is chain verified using the \fBsmimesign\fR purpose and +the supplied trusted certificate store. Any internal certificates in the message +are used as untrusted CAs. If any chain verify fails an error code is returned. +.PP +Finally the signed content is read (and written to \fBout\fR is it is not \s-1NULL\s0) and +the signature's checked. +.PP +If all signature's verify correctly then the function is successful. +.PP +Any of the following flags (ored together) can be passed in the \fBflags\fR parameter +to change the default verify behaviour. Only the flag \fB\s-1PKCS7_NOINTERN\s0\fR is +meaningful to \fIPKCS7_get0_signers()\fR. +.PP +If \fB\s-1PKCS7_NOINTERN\s0\fR is set the certificates in the message itself are not +searched when locating the signer's certificate. This means that all the signers +certificates must be in the \fBcerts\fR parameter. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR are deleted +from the content. If the content is not of type \fBtext/plain\fR then an error is +returned. +.PP +If \fB\s-1PKCS7_NOVERIFY\s0\fR is set the signer's certificates are not chain verified. +.PP +If \fB\s-1PKCS7_NOCHAIN\s0\fR is set then the certificates contained in the message are +not used as untrusted CAs. This means that the whole verify chain (apart from +the signer's certificate) must be contained in the trusted store. +.PP +If \fB\s-1PKCS7_NOSIGS\s0\fR is set then the signatures on the data are not checked. +.SH "NOTES" +.IX Header "NOTES" +One application of \fB\s-1PKCS7_NOINTERN\s0\fR is to only accept messages signed by +a small number of certificates. The acceptable certificates would be passed +in the \fBcerts\fR parameter. In this case if the signer is not one of the +certificates supplied in \fBcerts\fR then the verify will fail because the +signer cannot be found. +.PP +Care should be taken when modifying the default verify behaviour, for example +setting \fBPKCS7_NOVERIFY|PKCS7_NOSIGS\fR will totally disable all verification +and any signed message will be considered valid. This combination is however +useful if one merely wishes to write the content to \fBout\fR and its validity +is not considered important. +.PP +Chain verification should arguably be performed using the signing time rather +than the current time. However since the signing time is supplied by the +signer it cannot be trusted without additional evidence (such as a trusted +timestamp). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIPKCS7_verify()\fR returns 1 for a successful verification and zero or a negative +value if an error occurs. +.PP +\&\fIPKCS7_get0_signers()\fR returns all signers or \fB\s-1NULL\s0\fR if an error occurred. +.PP +The error can be obtained from ERR_get_error(3) +.SH "BUGS" +.IX Header "BUGS" +The trusted certificate store is not searched for the signers certificate, +this is primarily due to the inadequacies of the current \fBX509_STORE\fR +functionality. +.PP +The lack of single pass processing and need to hold all data in memory as +mentioned in \fIPKCS7_sign()\fR also applies to \fIPKCS7_verify()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), PKCS7_sign(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIPKCS7_verify()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 index 15a7d91..7ece2c6 100644 --- a/secure/lib/libcrypto/man/RAND_add.3 +++ b/secure/lib/libcrypto/man/RAND_add.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:45 2002 +.\" Mon Jan 13 19:28:23 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_add 3" -.TH RAND_add 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RAND_add 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 index a3bd3fb..f635985 100644 --- a/secure/lib/libcrypto/man/RAND_bytes.3 +++ b/secure/lib/libcrypto/man/RAND_bytes.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:46 2002 +.\" Mon Jan 13 19:28:24 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_bytes 3" -.TH RAND_bytes 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RAND_bytes 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_bytes, RAND_pseudo_bytes \- generate random data @@ -174,7 +174,8 @@ functions return \-1 if they are not supported by the current \s-1RAND\s0 method. .SH "SEE ALSO" .IX Header "SEE ALSO" -rand(3), err(3), RAND_add(3) +rand(3), ERR_get_error(3), +RAND_add(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIRAND_bytes()\fR is available in all versions of SSLeay and OpenSSL. It diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 index 317e9d3..e6efbc3 100644 --- a/secure/lib/libcrypto/man/RAND_cleanup.3 +++ b/secure/lib/libcrypto/man/RAND_cleanup.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:46 2002 +.\" Mon Jan 13 19:28:25 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_cleanup 3" -.TH RAND_cleanup 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RAND_cleanup 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_cleanup \- erase the \s-1PRNG\s0 state diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 index d5f6284..b59d0e5 100644 --- a/secure/lib/libcrypto/man/RAND_egd.3 +++ b/secure/lib/libcrypto/man/RAND_egd.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:47 2002 +.\" Mon Jan 13 19:28:26 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_egd 3" -.TH RAND_egd 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH RAND_egd 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_egd \- query entropy gathering daemon @@ -151,6 +151,9 @@ RAND_egd \- query entropy gathering daemon \& int RAND_egd(const char *path); \& int RAND_egd_bytes(const char *path, int bytes); .Ve +.Vb 1 +\& int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fIRAND_egd()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR. @@ -166,6 +169,11 @@ When only one secret key must be generated, it is not necessary to request the full amount 255 bytes from the \s-1EGD\s0 socket. This can be advantageous, since the amount of entropy that can be retrieved from \s-1EGD\s0 over time is limited. +.PP +\&\fIRAND_query_egd_bytes()\fR performs the actual query of the \s-1EGD\s0 daemon on socket +\&\fBpath\fR. If \fBbuf\fR is given, \fBbytes\fR bytes are queried and written into +\&\fBbuf\fR. If \fBbuf\fR is \s-1NULL\s0, \fBbytes\fR bytes are queried and used to seed the +OpenSSL built-in \s-1PRNG\s0 using RAND_add(3). .SH "NOTES" .IX Header "NOTES" On systems without /dev/*random devices providing entropy from the kernel, @@ -185,11 +193,18 @@ available from http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html . \&\s-1PRNGD\s0 does employ an internal \s-1PRNG\s0 itself and can therefore never run out of entropy. +.PP +OpenSSL automatically queries \s-1EGD\s0 when entropy is requested via \fIRAND_bytes()\fR +or the status is checked via \fIRAND_status()\fR for the first time, if the socket +is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool. .SH "RETURN VALUE" .IX Header "RETURN VALUE" \&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the daemon on success, and \-1 if the connection failed or the daemon did not return enough data to fully seed the \s-1PRNG\s0. +.PP +\&\fIRAND_query_egd_bytes()\fR returns the number of bytes read from the daemon on +success, and \-1 if the connection failed. The \s-1PRNG\s0 state is not considered. .SH "SEE ALSO" .IX Header "SEE ALSO" rand(3), RAND_add(3), @@ -199,3 +214,7 @@ RAND_cleanup(3) \&\fIRAND_egd()\fR is available since OpenSSL 0.9.5. .PP \&\fIRAND_egd_bytes()\fR is available since OpenSSL 0.9.6. +.PP +\&\fIRAND_query_egd_bytes()\fR is available since OpenSSL 0.9.7. +.PP +The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 index c61c512..6ae20f1 100644 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/RAND_load_file.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:47 2002 +.\" Mon Jan 13 19:28:28 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_load_file 3" -.TH RAND_load_file 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH RAND_load_file 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_load_file, RAND_write_file, RAND_file_name \- \s-1PRNG\s0 seed file diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 index 3c28fed..d38d589 100644 --- a/secure/lib/libcrypto/man/RAND_set_rand_method.3 +++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:48 2002 +.\" Mon Jan 13 19:28:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RAND_set_rand_method 3" -.TH RAND_set_rand_method 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RAND_set_rand_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 method @@ -148,24 +148,32 @@ RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 me \& #include <openssl/rand.h> .Ve .Vb 1 -\& void RAND_set_rand_method(RAND_METHOD *meth); +\& void RAND_set_rand_method(const RAND_METHOD *meth); .Ve .Vb 1 -\& RAND_METHOD *RAND_get_rand_method(void); +\& const RAND_METHOD *RAND_get_rand_method(void); .Ve .Vb 1 \& RAND_METHOD *RAND_SSLeay(void); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random -number generation. By modifying the method, alternative -implementations such as hardware RNGs may be used. Initially, the -default is to use the OpenSSL internal implementation. \fIRAND_SSLeay()\fR -returns a pointer to that method. +A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random number +generation. By modifying the method, alternative implementations such as +hardware RNGs may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for important +information about how these \s-1RAND\s0 \s-1API\s0 functions are affected by the use of +\&\fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP -\&\fIRAND_set_rand_method()\fR sets the \s-1RAND\s0 method to \fBmeth\fR. -\&\fIRAND_get_rand_method()\fR returns a pointer to the current method. +Initially, the default \s-1RAND_METHOD\s0 is the OpenSSL internal implementation, as +returned by \fIRAND_SSLeay()\fR. +.PP +\&\fIRAND_set_default_method()\fR makes \fBmeth\fR the method for \s-1PRNG\s0 use. \fB\s-1NB\s0\fR: This is +true only whilst no \s-1ENGINE\s0 has been set as a default for \s-1RAND\s0, so this function +is no longer recommended. +.PP +\&\fIRAND_get_default_method()\fR returns a pointer to the current \s-1RAND_METHOD\s0. +However, the meaningfulness of this result is dependant on whether the \s-1ENGINE\s0 +\&\s-1API\s0 is being used, so this function is no longer recommended. .SH "THE RAND_METHOD STRUCTURE" .IX Header "THE RAND_METHOD STRUCTURE" .Vb 9 @@ -187,10 +195,25 @@ Each component may be \s-1NULL\s0 if the function is not implemented. .IX Header "RETURN VALUES" \&\fIRAND_set_rand_method()\fR returns no value. \fIRAND_get_rand_method()\fR and \&\fIRAND_SSLeay()\fR return pointers to the respective methods. +.SH "NOTES" +.IX Header "NOTES" +As of version 0.9.7, \s-1RAND_METHOD\s0 implementations are grouped together with other +algorithmic APIs (eg. \s-1RSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) in \fB\s-1ENGINE\s0\fR modules. If a +default \s-1ENGINE\s0 is specified for \s-1RAND\s0 functionality using an \s-1ENGINE\s0 \s-1API\s0 function, +that will override any \s-1RAND\s0 defaults set using the \s-1RAND\s0 \s-1API\s0 (ie. +\&\fIRAND_set_rand_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the recommended way +to control default implementations for use in \s-1RAND\s0 and other cryptographic +algorithms. .SH "SEE ALSO" .IX Header "SEE ALSO" -rand(3) +rand(3), engine(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIRAND_set_rand_method()\fR, \fIRAND_get_rand_method()\fR and \fIRAND_SSLeay()\fR are available in all versions of OpenSSL. +.PP +In the engine version of version 0.9.6, \fIRAND_set_rand_method()\fR was altered to +take an \s-1ENGINE\s0 pointer as its argument. As of version 0.9.7, that has been +reverted as the \s-1ENGINE\s0 \s-1API\s0 transparently overrides \s-1RAND\s0 defaults if used, +otherwise \s-1RAND\s0 \s-1API\s0 functions work as before. \fIRAND_set_rand_engine()\fR was also +introduced in version 0.9.7. diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 index 1ad4f8b..afe90bd 100644 --- a/secure/lib/libcrypto/man/RSA_blinding_on.3 +++ b/secure/lib/libcrypto/man/RSA_blinding_on.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:49 2002 +.\" Mon Jan 13 19:28:30 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_blinding_on 3" -.TH RSA_blinding_on 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_blinding_on 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_blinding_on, RSA_blinding_off \- protect the \s-1RSA\s0 operation from timing attacks diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 index f5a5581..9c31ac6 100644 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:49 2002 +.\" Mon Jan 13 19:28:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_check_key 3" -.TH RSA_check_key 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH RSA_check_key 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_check_key \- validate private \s-1RSA\s0 keys @@ -174,9 +174,27 @@ This function does not work on \s-1RSA\s0 public keys that have only the modulus and public exponent elements populated. It performs integrity checks on all the \s-1RSA\s0 key material, so the \s-1RSA\s0 key structure must contain all the private key data too. +.PP +Unlike most other \s-1RSA\s0 functions, this function does \fBnot\fR work +transparently with any underlying \s-1ENGINE\s0 implementation because it uses the +key data in the \s-1RSA\s0 structure directly. An \s-1ENGINE\s0 implementation can +override the way key data is stored and handled, and can even provide +support for \s-1HSM\s0 keys \- in which case the \s-1RSA\s0 structure may contain \fBno\fR +key data at all! If the \s-1ENGINE\s0 in question is only being used for +acceleration or analysis purposes, then in all likelihood the \s-1RSA\s0 key data +is complete and untouched, but this can't be assumed in the general case. +.SH "BUGS" +.IX Header "BUGS" +A method of verifying the \s-1RSA\s0 key using opaque \s-1RSA\s0 \s-1API\s0 functions might need +to be considered. Right now \fIRSA_check_key()\fR simply uses the \s-1RSA\s0 structure +elements directly, bypassing the \s-1RSA_METHOD\s0 table altogether (and +completely violating encapsulation and object-orientation in the process). +The best fix will probably be to introduce a \*(L"\fIcheck_key()\fR\*(R" handler to the +\&\s-1RSA_METHOD\s0 function table so that alternative implementations can also +provide their own verifiers. .SH "SEE ALSO" .IX Header "SEE ALSO" -rsa(3), err(3) +rsa(3), ERR_get_error(3) .SH "HISTORY" .IX Header "HISTORY" -\&\fIRSA_check()\fR appeared in OpenSSL 0.9.4. +\&\fIRSA_check_key()\fR appeared in OpenSSL 0.9.4. diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 index 50e23bc..9253cab 100644 --- a/secure/lib/libcrypto/man/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/RSA_generate_key.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:50 2002 +.\" Mon Jan 13 19:28:32 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_generate_key 3" -.TH RSA_generate_key 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH RSA_generate_key 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_generate_key \- generate \s-1RSA\s0 key pair @@ -186,7 +186,8 @@ error codes can be obtained by ERR_get_error(3). \&\fIRSA_generate_key()\fR goes into an infinite loop for illegal input values. .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), rand(3), rsa(3), RSA_free(3) +ERR_get_error(3), rand(3), rsa(3), +RSA_free(3) .SH "HISTORY" .IX Header "HISTORY" The \fBcb_arg\fR argument was added in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 index f8fccb7..ce2be62 100644 --- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:50 2002 +.\" Mon Jan 13 19:28:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_get_ex_new_index 3" -.TH RSA_get_ex_new_index 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH RSA_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to \s-1RSA\s0 structures diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 index 7869f1a..e1e32dc 100644 --- a/secure/lib/libcrypto/man/RSA_new.3 +++ b/secure/lib/libcrypto/man/RSA_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:51 2002 +.\" Mon Jan 13 19:28:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_new 3" -.TH RSA_new 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects @@ -155,7 +155,8 @@ RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. +\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. It is equivalent to +calling RSA_new_method(\s-1NULL\s0). .PP \&\fIRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is erased before the memory is returned to the system. @@ -168,7 +169,9 @@ a pointer to the newly allocated structure. \&\fIRSA_free()\fR returns no value. .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), rsa(3), RSA_generate_key(3) +ERR_get_error(3), rsa(3), +RSA_generate_key(3), +RSA_new_method(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIRSA_new()\fR and \fIRSA_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 index fb2dba4..e17331e 100644 --- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 +++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:52 2002 +.\" Mon Jan 13 19:28:35 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_padding_add_PKCS1_type_1 3" -.TH RSA_padding_add_PKCS1_type_1 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_padding_add_PKCS1_type_1 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 index 9a0494c..da3787a 100644 --- a/secure/lib/libcrypto/man/RSA_print.3 +++ b/secure/lib/libcrypto/man/RSA_print.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:52 2002 +.\" Mon Jan 13 19:28:37 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,12 +138,12 @@ .\" ====================================================================== .\" .IX Title "RSA_print 3" -.TH RSA_print 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH RSA_print 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print, -DSA_print_fp, DHparams_print, DHparams_print_fp \- print cryptographic -parameters +RSA_print, RSA_print_fp, +DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp, +DHparams_print, DHparams_print_fp \- print cryptographic parameters .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 index e7e63f6..ba0fd87 100644 --- a/secure/lib/libcrypto/man/RSA_private_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:53 2002 +.\" Mon Jan 13 19:28:38 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_private_encrypt 3" -.TH RSA_private_encrypt 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_private_encrypt 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_private_encrypt, RSA_public_decrypt \- low level signature operations @@ -192,7 +192,8 @@ On error, \-1 is returned; the error codes can be obtained by ERR_get_error(3). .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), rsa(3), RSA_sign(3), RSA_verify(3) +ERR_get_error(3), rsa(3), +RSA_sign(3), RSA_verify(3) .SH "HISTORY" .IX Header "HISTORY" The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 index 407b578..a516181 100644 --- a/secure/lib/libcrypto/man/RSA_public_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:54 2002 +.\" Mon Jan 13 19:28:39 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_public_encrypt 3" -.TH RSA_public_encrypt 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH RSA_public_encrypt 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_public_encrypt, RSA_private_decrypt \- \s-1RSA\s0 public key cryptography @@ -202,10 +202,8 @@ obtained by ERR_get_error(3). \&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), rand(3), rsa(3), RSA_size(3) -.SH "NOTES" -.IX Header "NOTES" -The RSA_PKCS1_RSAref(3) method supports only the \s-1RSA_PKCS1_PADDING\s0 mode. +ERR_get_error(3), rand(3), rsa(3), +RSA_size(3) .SH "HISTORY" .IX Header "HISTORY" The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 index df55757..ee2ada5 100644 --- a/secure/lib/libcrypto/man/RSA_set_method.3 +++ b/secure/lib/libcrypto/man/RSA_set_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:54 2002 +.\" Mon Jan 13 19:28:40 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,40 +138,37 @@ .\" ====================================================================== .\" .IX Title "RSA_set_method 3" -.TH RSA_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH RSA_set_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_set_default_method, RSA_get_default_method, RSA_set_method, -RSA_get_method, RSA_PKCS1_SSLeay, RSA_PKCS1_RSAref, -RSA_null_method, RSA_flags, RSA_new_method \- select \s-1RSA\s0 method +RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags, +RSA_new_method \- select \s-1RSA\s0 method .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/rsa.h> .Ve .Vb 1 -\& void RSA_set_default_method(RSA_METHOD *meth); +\& void RSA_set_default_method(const RSA_METHOD *meth); .Ve .Vb 1 \& RSA_METHOD *RSA_get_default_method(void); .Ve .Vb 1 -\& RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); +\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); .Ve .Vb 1 -\& RSA_METHOD *RSA_get_method(RSA *rsa); +\& RSA_METHOD *RSA_get_method(const RSA *rsa); .Ve .Vb 1 \& RSA_METHOD *RSA_PKCS1_SSLeay(void); .Ve .Vb 1 -\& RSA_METHOD *RSA_PKCS1_RSAref(void); -.Ve -.Vb 1 \& RSA_METHOD *RSA_null_method(void); .Ve .Vb 1 -\& int RSA_flags(RSA *rsa); +\& int RSA_flags(const RSA *rsa); .Ve .Vb 1 \& RSA *RSA_new_method(RSA_METHOD *method); @@ -179,32 +176,45 @@ RSA_null_method, RSA_flags, RSA_new_method \- select \s-1RSA\s0 method .SH "DESCRIPTION" .IX Header "DESCRIPTION" An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 -operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. -.PP -Initially, the default is to use the OpenSSL internal implementation, -unless OpenSSL was configured with the \f(CW\*(C`rsaref\*(C'\fR or \f(CW\*(C`\-DRSA_NULL\*(C'\fR -options. \fIRSA_PKCS1_SSLeay()\fR returns a pointer to that method. +operations. By modifying the method, alternative implementations such as +hardware accelerators may be used. \s-1IMPORTANT:\s0 See the \s-1NOTES\s0 section for +important information about how these \s-1RSA\s0 \s-1API\s0 functions are affected by the +use of \fB\s-1ENGINE\s0\fR \s-1API\s0 calls. .PP -\&\fIRSA_PKCS1_RSAref()\fR returns a pointer to a method that uses the RSAref -library. This is the default method in the \f(CW\*(C`rsaref\*(C'\fR configuration; -the function is not available in other configurations. -\&\fIRSA_null_method()\fR returns a pointer to a method that does not support -the \s-1RSA\s0 transformation. It is the default if OpenSSL is compiled with -\&\f(CW\*(C`\-DRSA_NULL\*(C'\fR. These methods may be useful in the \s-1USA\s0 because of a -patent on the \s-1RSA\s0 cryptosystem. +Initially, the default \s-1RSA_METHOD\s0 is the OpenSSL internal implementation, +as returned by \fIRSA_PKCS1_SSLeay()\fR. .PP -\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1RSA\s0\fR -structures created later. +\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \s-1RSA\s0 +structures created later. \fB\s-1NB\s0\fR: This is true only whilst no \s-1ENGINE\s0 has +been set as a default for \s-1RSA\s0, so this function is no longer recommended. .PP \&\fIRSA_get_default_method()\fR returns a pointer to the current default -method. +\&\s-1RSA_METHOD\s0. However, the meaningfulness of this result is dependant on +whether the \s-1ENGINE\s0 \s-1API\s0 is being used, so this function is no longer +recommended. .PP -\&\fIRSA_set_method()\fR selects \fBmeth\fR for all operations using the key -\&\fBrsa\fR. +\&\fIRSA_set_method()\fR selects \fBmeth\fR to perform all operations using the key +\&\fBrsa\fR. This will replace the \s-1RSA_METHOD\s0 used by the \s-1RSA\s0 key and if the +previous method was supplied by an \s-1ENGINE\s0, the handle to that \s-1ENGINE\s0 will +be released during the change. It is possible to have \s-1RSA\s0 keys that only +work with certain \s-1RSA_METHOD\s0 implementations (eg. from an \s-1ENGINE\s0 module +that supports embedded hardware-protected keys), and in such cases +attempting to change the \s-1RSA_METHOD\s0 for the key can have unexpected +results. .PP -\&\fIRSA_get_method()\fR returns a pointer to the method currently selected -for \fBrsa\fR. +\&\fIRSA_get_method()\fR returns a pointer to the \s-1RSA_METHOD\s0 being used by \fBrsa\fR. +This method may or may not be supplied by an \s-1ENGINE\s0 implementation, but if +it is, the return value can only be guaranteed to be valid as long as the +\&\s-1RSA\s0 key itself is valid and does not have its implementation changed by +\&\fIRSA_set_method()\fR. +.PP +\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current +\&\s-1RSA_METHOD\s0. See the \s-1BUGS\s0 section. +.PP +\&\fIRSA_new_method()\fR allocates and initializes an \s-1RSA\s0 structure so that +\&\fBengine\fR will be used for the \s-1RSA\s0 operations. If \fBengine\fR is \s-1NULL\s0, the +default \s-1ENGINE\s0 for \s-1RSA\s0 operations is used, and if no default \s-1ENGINE\s0 is set, +the \s-1RSA_METHOD\s0 controlled by \fIRSA_set_default_method()\fR is used. .PP \&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. .PP @@ -288,18 +298,42 @@ the default method is used. .Ve .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fIRSA_PKCS1_SSLeay()\fR, \fIRSA_PKCS1_RSAref()\fR, \fIRSA_PKCS1_null_method()\fR, -\&\fIRSA_get_default_method()\fR and \fIRSA_get_method()\fR return pointers to the -respective \fB\s-1RSA_METHOD\s0\fRs. +\&\fIRSA_PKCS1_SSLeay()\fR, \fIRSA_PKCS1_null_method()\fR, \fIRSA_get_default_method()\fR +and \fIRSA_get_method()\fR return pointers to the respective RSA_METHODs. .PP \&\fIRSA_set_default_method()\fR returns no value. .PP -\&\fIRSA_set_method()\fR returns a pointer to the \fB\s-1RSA_METHOD\s0\fR previously -associated with \fBrsa\fR. +\&\fIRSA_set_method()\fR returns a pointer to the old \s-1RSA_METHOD\s0 implementation +that was replaced. However, this return value should probably be ignored +because if it was supplied by an \s-1ENGINE\s0, the pointer could be invalidated +at any time if the \s-1ENGINE\s0 is unloaded (in fact it could be unloaded as a +result of the \fIRSA_set_method()\fR function releasing its handle to the +\&\s-1ENGINE\s0). For this reason, the return type may be replaced with a \fBvoid\fR +declaration in a future release. .PP -\&\fIRSA_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be -obtained by ERR_get_error(3) if the allocation fails. Otherwise it -returns a pointer to the newly allocated structure. +\&\fIRSA_new_method()\fR returns \s-1NULL\s0 and sets an error code that can be obtained +by ERR_get_error(3) if the allocation fails. Otherwise +it returns a pointer to the newly allocated structure. +.SH "NOTES" +.IX Header "NOTES" +As of version 0.9.7, \s-1RSA_METHOD\s0 implementations are grouped together with +other algorithmic APIs (eg. \s-1DSA_METHOD\s0, \s-1EVP_CIPHER\s0, etc) into \fB\s-1ENGINE\s0\fR +modules. If a default \s-1ENGINE\s0 is specified for \s-1RSA\s0 functionality using an +\&\s-1ENGINE\s0 \s-1API\s0 function, that will override any \s-1RSA\s0 defaults set using the \s-1RSA\s0 +\&\s-1API\s0 (ie. \fIRSA_set_default_method()\fR). For this reason, the \s-1ENGINE\s0 \s-1API\s0 is the +recommended way to control default implementations for use in \s-1RSA\s0 and other +cryptographic algorithms. +.SH "BUGS" +.IX Header "BUGS" +The behaviour of \fIRSA_flags()\fR is a mis-feature that is left as-is for now +to avoid creating compatibility problems. \s-1RSA\s0 functionality, such as the +encryption functions, are controlled by the \fBflags\fR value in the \s-1RSA\s0 key +itself, not by the \fBflags\fR value in the \s-1RSA_METHOD\s0 attached to the \s-1RSA\s0 key +(which is what this function returns). If the flags element of an \s-1RSA\s0 key +is changed, the changes will be honoured by \s-1RSA\s0 functionality but will not +be reflected in the return value of the \fIRSA_flags()\fR function \- in effect +\&\fIRSA_flags()\fR behaves more like an \fIRSA_default_flags()\fR function (which does +not currently exist). .SH "SEE ALSO" .IX Header "SEE ALSO" rsa(3), RSA_new(3) @@ -309,3 +343,14 @@ rsa(3), RSA_new(3) \&\fIRSA_get_default_method()\fR, \fIRSA_set_method()\fR and \fIRSA_get_method()\fR as well as the rsa_sign and rsa_verify components of \s-1RSA_METHOD\s0 were added in OpenSSL 0.9.4. +.PP +\&\fIRSA_set_default_openssl_method()\fR and \fIRSA_get_default_openssl_method()\fR +replaced \fIRSA_set_default_method()\fR and \fIRSA_get_default_method()\fR +respectively, and \fIRSA_set_method()\fR and \fIRSA_new_method()\fR were altered to use +\&\fB\s-1ENGINE\s0\fRs rather than \fB\s-1RSA_METHOD\s0\fRs during development of the engine +version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the \s-1ENGINE\s0 +\&\s-1API\s0 was restructured so that this change was reversed, and behaviour of the +other functions resembled more closely the previous behaviour. The +behaviour of defaults in the \s-1ENGINE\s0 \s-1API\s0 now transparently overrides the +behaviour of defaults in the \s-1RSA\s0 \s-1API\s0 without requiring changing these +function prototypes. diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 index 7698a4a..b4251d7 100644 --- a/secure/lib/libcrypto/man/RSA_sign.3 +++ b/secure/lib/libcrypto/man/RSA_sign.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:55 2002 +.\" Mon Jan 13 19:28:41 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_sign 3" -.TH RSA_sign 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_sign 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_sign, RSA_verify \- \s-1RSA\s0 signatures @@ -187,8 +187,8 @@ for compatibility with SSLeay 0.4.5 :\-) \&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), objects(3), rsa(3), -RSA_private_encrypt(3), +ERR_get_error(3), objects(3), +rsa(3), RSA_private_encrypt(3), RSA_public_decrypt(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 index 978dfa9..326b0a9 100644 --- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 +++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:55 2002 +.\" Mon Jan 13 19:28:43 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_sign_ASN1_OCTET_STRING 3" -.TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- \s-1RSA\s0 signatures @@ -185,8 +185,8 @@ The error codes can be obtained by ERR_get_error(3). These functions serve no recognizable purpose. .SH "SEE ALSO" .IX Header "SEE ALSO" -err(3), objects(3), rand(3), -rsa(3), RSA_sign(3), +ERR_get_error(3), objects(3), +rand(3), rsa(3), RSA_sign(3), RSA_verify(3) .SH "HISTORY" .IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 index 4c195b8..4c7dbee 100644 --- a/secure/lib/libcrypto/man/RSA_size.3 +++ b/secure/lib/libcrypto/man/RSA_size.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:56 2002 +.\" Mon Jan 13 19:28:44 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "RSA_size 3" -.TH RSA_size 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH RSA_size 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RSA_size \- get \s-1RSA\s0 modulus size @@ -148,7 +148,7 @@ RSA_size \- get \s-1RSA\s0 modulus size \& #include <openssl/rsa.h> .Ve .Vb 1 -\& int RSA_size(RSA *rsa); +\& int RSA_size(const RSA *rsa); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 new file mode 100644 index 0000000..e482725 --- /dev/null +++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:45 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SMIME_read_PKCS7 3" +.TH SMIME_read_PKCS7 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SMIME_read_PKCS7 \- parse S/MIME message. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\s-1PKCS7\s0 *SMIME_read_PKCS7(\s-1BIO\s0 *in, \s-1BIO\s0 **bcont); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISMIME_read_PKCS7()\fR parses a message in S/MIME format. +.PP +\&\fBin\fR is a \s-1BIO\s0 to read the message from. +.PP +If cleartext signing is used then the content is saved in +a memory bio which is written to \fB*bcont\fR, otherwise +\&\fB*bcont\fR is set to \fB\s-1NULL\s0\fR. +.PP +The parsed PKCS#7 structure is returned or \fB\s-1NULL\s0\fR if an +error occurred. +.SH "NOTES" +.IX Header "NOTES" +If \fB*bcont\fR is not \fB\s-1NULL\s0\fR then the message is clear text +signed. \fB*bcont\fR can then be passed to \fIPKCS7_verify()\fR with +the \fB\s-1PKCS7_DETACHED\s0\fR flag set. +.PP +Otherwise the type of the returned structure can be determined +using \fIPKCS7_type()\fR. +.PP +To support future functionality if \fBbcont\fR is not \fB\s-1NULL\s0\fR +\&\fB*bcont\fR should be initialized to \fB\s-1NULL\s0\fR. For example: +.PP +.Vb 2 +\& BIO *cont = NULL; +\& PKCS7 *p7; +.Ve +.Vb 1 +\& p7 = SMIME_read_PKCS7(in, &cont); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser used by \fISMIME_read_PKCS7()\fR is somewhat primitive. +While it will handle most S/MIME messages more complex compound +formats may not work. +.PP +The parser assumes that the \s-1PKCS7\s0 structure is always base64 +encoded and will not handle the case where it is in binary format +or uses quoted printable format. +.PP +The use of a memory \s-1BIO\s0 to hold the signed content limits the size +of message which can be processed due to memory restraints: a +streaming single pass option should be available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISMIME_read_PKCS7()\fR returns a valid \fB\s-1PKCS7\s0\fR structure or \fB\s-1NULL\s0\fR +is an error occurred. The error can be obtained from \fIERR_get_error\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), PKCS7_type(3) +SMIME_read_PKCS7(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISMIME_read_PKCS7()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 new file mode 100644 index 0000000..99eafe7 --- /dev/null +++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:46 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SMIME_write_PKCS7 3" +.TH SMIME_write_PKCS7 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +int SMIME_write_PKCS7(\s-1BIO\s0 *out, \s-1PKCS7\s0 *p7, \s-1BIO\s0 *data, int flags); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISMIME_write_PKCS7()\fR adds the appropriate \s-1MIME\s0 headers to a PKCS#7 +structure to produce an S/MIME message. +.PP +\&\fBout\fR is the \s-1BIO\s0 to write the data to. \fBp7\fR is the appropriate +\&\fB\s-1PKCS7\s0\fR structure. If cleartext signing (\fBmultipart/signed\fR) is +being used then the signed data must be supplied in the \fBdata\fR +argument. \fBflags\fR is an optional set of flags. +.SH "NOTES" +.IX Header "NOTES" +The following flags can be passed in the \fBflags\fR parameter. +.PP +If \fB\s-1PKCS7_DETACHED\s0\fR is set then cleartext signing will be used, +this option only makes sense for signedData where \fB\s-1PKCS7_DETACHED\s0\fR +is also set when \fIPKCS7_sign()\fR is also called. +.PP +If the \fB\s-1PKCS7_TEXT\s0\fR flag is set \s-1MIME\s0 headers for type \fBtext/plain\fR +are added to the content, this only makes sense if \fB\s-1PKCS7_DETACHED\s0\fR +is also set. +.PP +If cleartext signing is being used then the data must be read twice: +once to compute the signature in \fIPKCS7_sign()\fR and once to output the +S/MIME message. +.SH "BUGS" +.IX Header "BUGS" +\&\fISMIME_write_PKCS7()\fR always base64 encodes PKCS#7 structures, there +should be an option to disable this. +.PP +There should really be a way to produce cleartext signing using only +a single pass of the data. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISMIME_write_PKCS7()\fR returns 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), PKCS7_sign(3), +PKCS7_verify(3), PKCS7_encrypt(3) +PKCS7_decrypt(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISMIME_write_PKCS7()\fR was added to OpenSSL 0.9.5 diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 new file mode 100644 index 0000000..11907bd --- /dev/null +++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:47 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "X509_NAME_ENTRY_get_object 3" +.TH X509_NAME_ENTRY_get_object 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data, +X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data, +X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID, +X509_NAME_ENTRY_create_by_OBJ \- X509_NAME_ENTRY utility functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\s-1ASN1_OBJECT\s0 * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); +\&\s-1ASN1_STRING\s0 * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); +.PP +int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, \s-1ASN1_OBJECT\s0 *obj); +int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, unsigned char *bytes, int len); +.PP +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, char *field, int type, unsigned char *bytes, int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len); +X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, \s-1ASN1_OBJECT\s0 *obj, int type,unsigned char *bytes, int len); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_ENTRY_get_object()\fR retrieves the field name of \fBne\fR in +and \fB\s-1ASN1_OBJECT\s0\fR structure. +.PP +\&\fIX509_NAME_ENTRY_get_data()\fR retrieves the field value of \fBne\fR in +and \fB\s-1ASN1_STRING\s0\fR structure. +.PP +\&\fIX509_NAME_ENTRY_set_object()\fR sets the field name of \fBne\fR to \fBobj\fR. +.PP +\&\fIX509_NAME_ENTRY_set_data()\fR sets the field value of \fBne\fR to string type +\&\fBtype\fR and value determined by \fBbytes\fR and \fBlen\fR. +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR +and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an +\&\fBX509_NAME_ENTRY\fR structure. +.SH "NOTES" +.IX Header "NOTES" +\&\fIX509_NAME_ENTRY_get_object()\fR and \fIX509_NAME_ENTRY_get_data()\fR can be +used to examine an \fBX509_NAME_ENTRY\fR function as returned by +\&\fIX509_NAME_get_entry()\fR for example. +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_NID()\fR, +and \fIX509_NAME_ENTRY_create_by_OBJ()\fR create and return an +.PP +\&\fIX509_NAME_ENTRY_create_by_txt()\fR, \fIX509_NAME_ENTRY_create_by_OBJ()\fR, +\&\fIX509_NAME_ENTRY_create_by_NID()\fR and \fIX509_NAME_ENTRY_set_data()\fR +are seldom used in practice because \fBX509_NAME_ENTRY\fR structures +are almost always part of \fBX509_NAME\fR structures and the +corresponding \fBX509_NAME\fR functions are typically used to +create and add new entries in a single operation. +.PP +The arguments of these functions support similar options to the similarly +named ones of the corresponding \fBX509_NAME\fR functions such as +\&\fIX509_NAME_add_entry_by_txt()\fR. So for example \fBtype\fR can be set to +\&\fB\s-1MBSTRING_ASC\s0\fR but in the case of \fIX509_set_data()\fR the field name must be +set first so the relevant field information can be looked up internally. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), d2i_X509_NAME(3), +\&\fIOBJ_nid2obj\fR\|(3),OBJ_nid2obj(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 new file mode 100644 index 0000000..754b9e3 --- /dev/null +++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:48 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "X509_NAME_add_entry_by_txt 3" +.TH X509_NAME_add_entry_by_txt 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID, +X509_NAME_add_entry, X509_NAME_delete_entry \- X509_NAME modification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, \s-1ASN1_OBJECT\s0 *obj, int type, unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set); +X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR and +\&\fIX509_NAME_add_entry_by_NID()\fR add a field whose name is defined +by a string \fBfield\fR, an object \fBobj\fR or a \s-1NID\s0 \fBnid\fR respectively. +The field value to be added is in \fBbytes\fR of length \fBlen\fR. If +\&\fBlen\fR is \-1 then the field length is calculated internally using +strlen(bytes). +.PP +The type of field is determined by \fBtype\fR which can either be a +definition of the type of \fBbytes\fR (such as \fB\s-1MBSTRING_ASC\s0\fR) or a +standard \s-1ASN1\s0 type (such as \fBV_ASN1_IA5STRING\fR). The new entry is +added to a position determined by \fBloc\fR and \fBset\fR. +.PP +\&\fIX509_NAME_add_entry()\fR adds a copy of \fBX509_NAME_ENTRY\fR structure \fBne\fR +to \fBname\fR. The new entry is added to a position determined by \fBloc\fR +and \fBset\fR. Since a copy of \fBne\fR is added \fBne\fR must be freed up after +the call. +.PP +\&\fIX509_NAME_delete_entry()\fR deletes an entry from \fBname\fR at position +\&\fBloc\fR. The deleted entry is returned and must be freed up. +.SH "NOTES" +.IX Header "NOTES" +The use of string types such as \fB\s-1MBSTRING_ASC\s0\fR or \fB\s-1MBSTRING_UTF8\s0\fR +is strongly recommened for the \fBtype\fR parameter. This allows the +internal code to correctly determine the type of the field and to +apply length checks according to the relevant standards. This is +done using \fIASN1_STRING_set_by_NID()\fR. +.PP +If instead an \s-1ASN1\s0 type is used no checks are performed and the +supplied data in \fBbytes\fR is used directly. +.PP +In \fIX509_NAME_add_entry_by_txt()\fR the \fBfield\fR string represents +the field name using OBJ_txt2obj(field, 0). +.PP +The \fBloc\fR and \fBset\fR parameters determine where a new entry should +be added. For almost all applications \fBloc\fR can be set to \-1 and \fBset\fR +to 0. This adds a new entry to the end of \fBname\fR as a single valued +RelativeDistinguishedName (\s-1RDN\s0). +.PP +\&\fBloc\fR actually determines the index where the new entry is inserted: +if it is \-1 it is appended. +.PP +\&\fBset\fR determines how the new type is added. If it is zero a +new \s-1RDN\s0 is created. +.PP +If \fBset\fR is \-1 or 1 it is added to the previous or next \s-1RDN\s0 +structure respectively. This will then be a multivalued \s-1RDN:\s0 +since multivalues RDNs are very seldom used \fBset\fR is almost +always set to zero. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \fBX509_NAME\fR structure: +.PP +\&\*(L"C=UK, O=Disorganized Organization, CN=Joe Bloggs\*(R" +.PP +.Vb 13 +\& X509_NAME *nm; +\& nm = X509_NAME_new(); +\& if (nm == NULL) +\& /* Some error */ +\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC, +\& "C", "UK", -1, -1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC, +\& "O", "Disorganized Organization", -1, -1, 0)) +\& /* Error */ +\& if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC, +\& "CN", "Joe Bloggs", -1, -1, 0)) +\& /* Error */ +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_NAME_add_entry_by_txt()\fR, \fIX509_NAME_add_entry_by_OBJ()\fR, +\&\fIX509_NAME_add_entry_by_NID()\fR and \fIX509_NAME_add_entry()\fR return 1 for +success of 0 if an error occurred. +.PP +\&\fIX509_NAME_delete_entry()\fR returns either the deleted \fBX509_NAME_ENTRY\fR +structure of \fB\s-1NULL\s0\fR if an error occurred. +.SH "BUGS" +.IX Header "BUGS" +\&\fBtype\fR can still be set to \fBV_ASN1_APP_CHOOSE\fR to use a +different algorithm to determine field types. Since this form does +not understand multicharacter types, performs no length checks and +can result in invalid field types its use is strongly discouraged. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), d2i_X509_NAME(3) +.SH "HISTORY" +.IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 new file mode 100644 index 0000000..0b8081e --- /dev/null +++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -0,0 +1,241 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:49 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "X509_NAME_get_index_by_NID 3" +.TH X509_NAME_get_index_by_NID 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry, +X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ \- +X509_NAME lookup and enumeration functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); +int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos); +.PP +int X509_NAME_entry_count(X509_NAME *name); +X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); +.PP +int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, \s-1ASN1_OBJECT\s0 *obj, char *buf,int len); +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions allow an \fBX509_NAME\fR structure to be examined. The +\&\fBX509_NAME\fR structure is the same as the \fBName\fR type defined in +\&\s-1RFC2459\s0 (and elsewhere) and used for example in certificate subject +and issuer names. +.PP +\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR retrieve +the next index matching \fBnid\fR or \fBobj\fR after \fBlastpos\fR. \fBlastpos\fR +should initially be set to \-1. If there are no more entries \-1 is returned. +.PP +\&\fIX509_NAME_entry_count()\fR returns the total number of entries in \fBname\fR. +.PP +\&\fIX509_NAME_get_entry()\fR retrieves the \fBX509_NAME_ENTRY\fR from \fBname\fR +corresponding to index \fBloc\fR. Acceptable values for \fBloc\fR run from +0 to (X509_NAME_entry_count(name) \- 1). The value returned is an +internal pointer which must not be freed. +.PP +\&\fIX509_NAME_get_text_by_NID()\fR, \fIX509_NAME_get_text_by_OBJ()\fR retrieve +the \*(L"text\*(R" from the first entry in \fBname\fR which matches \fBnid\fR or +\&\fBobj\fR, if no such entry exists \-1 is returned. At most \fBlen\fR bytes +will be written and the text written to \fBbuf\fR will be null +terminated. The length of the output string written is returned +excluding the terminating null. If \fBbuf\fR is <\s-1NULL\s0> then the amount +of space needed in \fBbuf\fR (excluding the final null) is returned. +.SH "NOTES" +.IX Header "NOTES" +\&\fIX509_NAME_get_text_by_NID()\fR and \fIX509_NAME_get_text_by_OBJ()\fR are +legacy functions which have various limitations which make them +of minimal use in practice. They can only find the first matching +entry and will copy the contents of the field verbatim: this can +be highly confusing if the target is a muticharacter string type +like a BMPString or a UTF8String. +.PP +For a more general solution \fIX509_NAME_get_index_by_NID()\fR or +\&\fIX509_NAME_get_index_by_OBJ()\fR should be used followed by +\&\fIX509_NAME_get_entry()\fR on any matching indices and then the +various \fBX509_NAME_ENTRY\fR utility functions on the result. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Process all entries: +.PP +.Vb 2 +\& int i; +\& X509_NAME_ENTRY *e; +.Ve +.Vb 5 +\& for (i = 0; i < X509_NAME_entry_count(nm); i++) +\& { +\& e = X509_NAME_get_entry(nm, i); +\& /* Do something with e */ +\& } +.Ve +Process all commonName entries: +.PP +.Vb 2 +\& int loc; +\& X509_NAME_ENTRY *e; +.Ve +.Vb 9 +\& loc = -1; +\& for (;;) +\& { +\& lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); +\& if (lastpos == -1) +\& break; +\& e = X509_NAME_get_entry(nm, lastpos); +\& /* Do something with e */ +\& } +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIX509_NAME_get_index_by_NID()\fR and \fIX509_NAME_get_index_by_OBJ()\fR +return the index of the next matching entry or \-1 if not found. +.PP +\&\fIX509_NAME_entry_count()\fR returns the total number of entries. +.PP +\&\fIX509_NAME_get_entry()\fR returns an \fBX509_NAME\fR pointer to the +requested entry or \fB\s-1NULL\s0\fR if the index is invalid. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), d2i_X509_NAME(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 new file mode 100644 index 0000000..bb2e9ac --- /dev/null +++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 @@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:50 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "X509_NAME_print_ex 3" +.TH X509_NAME_print_ex 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print, +X509_NAME_oneline \- X509_NAME printing routines. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 4 +\& int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); +\& int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); +\& char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); +\& int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIX509_NAME_print_ex()\fR prints a human readable version of \fBnm\fR to \s-1BIO\s0 \fBout\fR. Each +line (for multiline formats) is indented by \fBindent\fR spaces. The output format +can be extensively customised by use of the \fBflags\fR parameter. +.PP +\&\fIX509_NAME_print_ex_fp()\fR is identical to \fIX509_NAME_print_ex()\fR except the output is +written to \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fIX509_NAME_oneline()\fR prints an \s-1ASCII\s0 version of \fBa\fR to \fBbuf\fR. At most \fBsize\fR +bytes will be written. If \fBbuf\fR is \fB\s-1NULL\s0\fR then a buffer is dynamically allocated +and returned, otherwise \fBbuf\fR is returned. +.PP +\&\fIX509_NAME_print()\fR prints out \fBname\fR to \fBbp\fR indenting each line by \fBobase\fR +characters. Multiple lines are used if the output (including indent) exceeds +80 characters. +.SH "NOTES" +.IX Header "NOTES" +The functions \fIX509_NAME_oneline()\fR and \fIX509_NAME_print()\fR are legacy functions which +produce a non standard output form, they don't handle multi character fields and +have various quirks and inconsistencies. Their use is strongly discouraged in new +applications. +.PP +Although there are a large number of possible flags for most purposes +\&\fB\s-1XN_FLAG_ONELINE\s0\fR, \fB\s-1XN_FLAG_MULTILINE\s0\fR or \fB\s-1XN_FLAG_RFC2253\s0\fR will suffice. +As noted on the ASN1_STRING_print_ex(3) manual page +for \s-1UTF8\s0 terminals the \fB\s-1ASN1_STRFLAGS_ESC_MSB\s0\fR should be unset: so for example +\&\fB\s-1XN_FLAG_ONELINE\s0 & ~ASN1_STRFLAGS_ESC_MSB\fR would be used. +.PP +The complete set of the flags supported by \fIX509_NAME_print_ex()\fR is listed below. +.PP +Several options can be ored together. +.PP +The options \fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR, \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR, +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR and \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR determine the field separators +to use. Two distinct separators are used between distinct RelativeDistinguishedName +components and separate values in the same \s-1RDN\s0 for a multi-valued \s-1RDN\s0. Multi-valued +RDNs are currently very rare so the second separator will hardly ever be used. +.PP +\&\fB\s-1XN_FLAG_SEP_COMMA_PLUS\s0\fR uses comma and plus as separators. \fB\s-1XN_FLAG_SEP_CPLUS_SPC\s0\fR +uses comma and plus with spaces: this is more readable that plain comma and plus. +\&\fB\s-1XN_FLAG_SEP_SPLUS_SPC\s0\fR uses spaced semicolon and plus. \fB\s-1XN_FLAG_SEP_MULTILINE\s0\fR uses +spaced newline and plus respectively. +.PP +If \fB\s-1XN_FLAG_DN_REV\s0\fR is set the whole \s-1DN\s0 is printed in reversed order. +.PP +The fields \fB\s-1XN_FLAG_FN_SN\s0\fR, \fB\s-1XN_FLAG_FN_LN\s0\fR, \fB\s-1XN_FLAG_FN_OID\s0\fR, +\&\fB\s-1XN_FLAG_FN_NONE\s0\fR determine how a field name is displayed. It will +use the short name (e.g. \s-1CN\s0) the long name (e.g. commonName) always +use \s-1OID\s0 numerical form (normally OIDs are only used if the field name is not +recognised) and no field name respectively. +.PP +If \fB\s-1XN_FLAG_SPC_EQ\s0\fR is set then spaces will be placed around the '=' character +separating field names and values. +.PP +If \fB\s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR is set then the encoding of unknown fields is +printed instead of the values. +.PP +If \fB\s-1XN_FLAG_FN_ALIGN\s0\fR is set then field names are padded to 20 characters: this +is only of use for multiline format. +.PP +Additionally all the options supported by \fIASN1_STRING_print_ex()\fR can be used to +control how each field value is displayed. +.PP +In addition a number options can be set for commonly used formats. +.PP +\&\fB\s-1XN_FLAG_RFC2253\s0\fR sets options which produce an output compatible with \s-1RFC2253\s0 it +is equivalent to: + \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1XN_FLAG_SEP_COMMA_PLUS\s0 | \s-1XN_FLAG_DN_REV\s0 | \s-1XN_FLAG_FN_SN\s0 | \s-1XN_FLAG_DUMP_UNKNOWN_FIELDS\s0\fR +.PP +\&\fB\s-1XN_FLAG_ONELINE\s0\fR is a more readable one line format it is the same as: + \fB\s-1ASN1_STRFLGS_RFC2253\s0 | \s-1ASN1_STRFLGS_ESC_QUOTE\s0 | \s-1XN_FLAG_SEP_CPLUS_SPC\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_SN\s0\fR +.PP +\&\fB\s-1XN_FLAG_MULTILINE\s0\fR is a multiline format is is the same as: + \fB\s-1ASN1_STRFLGS_ESC_CTRL\s0 | \s-1ASN1_STRFLGS_ESC_MSB\s0 | \s-1XN_FLAG_SEP_MULTILINE\s0 | \s-1XN_FLAG_SPC_EQ\s0 | \s-1XN_FLAG_FN_LN\s0 | \s-1XN_FLAG_FN_ALIGN\s0\fR +.PP +\&\fB\s-1XN_FLAG_COMPAT\s0\fR uses a format identical to \fIX509_NAME_print()\fR: in fact it calls \fIX509_NAME_print()\fR internally. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ASN1_STRING_print_ex(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3 new file mode 100644 index 0000000..44d0c72 --- /dev/null +++ b/secure/lib/libcrypto/man/X509_new.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:28:52 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "X509_new 3" +.TH X509_new 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +X509_new, X509_free \- X509 certificate \s-1ASN1\s0 allocation functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& X509 *X509_new(void); +\& void X509_free(X509 *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 \s-1ASN1\s0 allocation routines, allocate and free an +X509 structure, which represents an X509 certificate. +.PP +\&\fIX509_new()\fR allocates and initializes a X509 structure. +.PP +\&\fIX509_free()\fR frees up the \fBX509\fR structure \fBa\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIX509_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by ERR_get_error(3). +Otherwise it returns a pointer to the newly allocated structure. +.PP +\&\fIX509_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3), d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIX509_new()\fR and \fIX509_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3 index 327f8b1..a2f96bc 100644 --- a/secure/lib/libcrypto/man/bio.3 +++ b/secure/lib/libcrypto/man/bio.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:57 2002 +.\" Mon Jan 13 19:28:53 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "bio 3" -.TH bio 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH bio 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" bio \- I/O abstraction diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3 index 4433e24..789c06e 100644 --- a/secure/lib/libcrypto/man/blowfish.3 +++ b/secure/lib/libcrypto/man/blowfish.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:57 2002 +.\" Mon Jan 13 19:28:54 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "blowfish 3" -.TH blowfish 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH blowfish 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3 index 0c1e345..e3ed4c7 100644 --- a/secure/lib/libcrypto/man/bn.3 +++ b/secure/lib/libcrypto/man/bn.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:58 2002 +.\" Mon Jan 13 19:28:55 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "bn 3" -.TH bn 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH bn 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" bn \- multiprecision integer arithmetics @@ -163,21 +163,30 @@ bn \- multiprecision integer arithmetics \& BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); \& BIGNUM *BN_dup(const BIGNUM *a); .Ve +.Vb 1 +\& BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b); +.Ve .Vb 3 \& int BN_num_bytes(const BIGNUM *a); \& int BN_num_bits(const BIGNUM *a); \& int BN_num_bits_word(BN_ULONG w); .Ve -.Vb 13 -\& int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b); +.Vb 19 +\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); \& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); \& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); \& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, \& BN_CTX *ctx); -\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); \& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); \& int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, \& BN_CTX *ctx); +\& int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); \& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); \& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, \& const BIGNUM *m, BN_CTX *ctx); @@ -201,7 +210,7 @@ bn \- multiprecision integer arithmetics .Vb 5 \& int BN_zero(BIGNUM *a); \& int BN_one(BIGNUM *a); -\& BIGNUM *BN_value_one(void); +\& const BIGNUM *BN_value_one(void); \& int BN_set_word(BIGNUM *a, unsigned long w); \& unsigned long BN_get_word(BIGNUM *a); .Ve @@ -291,7 +300,7 @@ of \fB\s-1BIGNUM\s0\fRs to external formats is described in BN_bn2bin(3). bn_internal(3), dh(3), err(3), rand(3), rsa(3), BN_new(3), BN_CTX_new(3), -BN_copy(3), BN_num_bytes(3), +BN_copy(3), BN_swap(3), BN_num_bytes(3), BN_add(3), BN_add_word(3), BN_cmp(3), BN_zero(3), BN_rand(3), BN_generate_prime(3), BN_set_bit(3), diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3 index a00f9dcb..8b4546b 100644 --- a/secure/lib/libcrypto/man/bn_internal.3 +++ b/secure/lib/libcrypto/man/bn_internal.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:58 2002 +.\" Mon Jan 13 19:28:56 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "bn_internal 3" -.TH bn_internal 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH bn_internal 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words, @@ -176,9 +176,9 @@ library internal functions \& int nb); \& void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); \& void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, -\& BN_ULONG *tmp); +\& int dna,int dnb,BN_ULONG *tmp); \& void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, -\& int tn, int n, BN_ULONG *tmp); +\& int n, int tna,int tnb, BN_ULONG *tmp); \& void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, \& int n2, BN_ULONG *tmp); \& void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, @@ -297,14 +297,15 @@ bn_mul_low_normal(\fBr\fR, \fBa\fR, \fBb\fR, \fBn\fR) operates on the \fBn\fR wo arrays \fBr\fR, \fBa\fR and \fBb\fR. It computes the \fBn\fR low words of \&\fBa\fR*\fBb\fR and places the result in \fBr\fR. .PP -bn_mul_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBt\fR) operates on the \fBn2\fR -word arrays \fBa\fR and \fBb\fR and the 2*\fBn2\fR word arrays \fBr\fR and \fBt\fR. -\&\fBn2\fR must be a power of 2. It computes \fBa\fR*\fBb\fR and places the -result in \fBr\fR. +bn_mul_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBdna\fR, \fBdnb\fR, \fBt\fR) operates +on the word arrays \fBa\fR and \fBb\fR of length \fBn2\fR+\fBdna\fR and \fBn2\fR+\fBdnb\fR +(\fBdna\fR and \fBdnb\fR are currently allowed to be 0 or negative) and the 2*\fBn2\fR +word arrays \fBr\fR and \fBt\fR. \fBn2\fR must be a power of 2. It computes +\&\fBa\fR*\fBb\fR and places the result in \fBr\fR. .PP -bn_mul_part_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBtn\fR, \fBn\fR, \fBtmp\fR) operates -on the \fBn\fR+\fBtn\fR word arrays \fBa\fR and \fBb\fR and the 4*\fBn\fR word arrays -\&\fBr\fR and \fBtmp\fR. +bn_mul_part_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn\fR, \fBtna\fR, \fBtnb\fR, \fBtmp\fR) +operates on the word arrays \fBa\fR and \fBb\fR of length \fBn\fR+\fBtna\fR and +\&\fBn\fR+\fBtnb\fR and the 4*\fBn\fR word arrays \fBr\fR and \fBtmp\fR. .PP bn_mul_low_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBtmp\fR) operates on the \&\fBn2\fR word arrays \fBr\fR and \fBtmp\fR and the \fBn2\fR/2 word arrays \fBa\fR diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3 index 4687d39..4920493 100644 --- a/secure/lib/libcrypto/man/buffer.3 +++ b/secure/lib/libcrypto/man/buffer.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:59 2002 +.\" Mon Jan 13 19:28:58 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "buffer 3" -.TH buffer 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH buffer 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple diff --git a/secure/lib/libcrypto/man/config.1 b/secure/lib/libcrypto/man/config.1 deleted file mode 100644 index ff88004..0000000 --- a/secure/lib/libcrypto/man/config.1 +++ /dev/null @@ -1,282 +0,0 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Thu May 9 13:14:01 2002 -.\" -.\" Standard preamble: -.\" ====================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.de Vb \" Begin verbatim text -.ft CW -.nf -.ne \\$1 -.. -.de Ve \" End verbatim text -.ft R - -.fi -.. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> -.tr \(*W-|\(bv\*(Tr -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" -. ds C` "" -. ds C' "" -'br\} -.el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' -'br\} -.\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. -.if \nF \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" -.. -. nr % 0 -. rr F -.\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. -.hy 0 -.if n .na -.\" -.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). -.\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C -.\" ====================================================================== -.\" -.IX Title "CONFIG 1" -.TH CONFIG 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" -.UC -.SH "NAME" -config \- OpenSSL \s-1CONF\s0 library configuration files -.SH "DESCRIPTION" -.IX Header "DESCRIPTION" -The OpenSSL \s-1CONF\s0 library can be used to read configuration files. -It is used for the OpenSSL master configuration file \fBopenssl.cnf\fR -and in a few other places like \fB\s-1SPKAC\s0\fR files and certificate extension -files for the \fBx509\fR utility. -.PP -A configuration file is divided into a number of sections. Each section -starts with a line \fB[ section_name ]\fR and ends when a new section is -started or end of file is reached. A section name can consist of -alphanumeric characters and underscores. -.PP -The first section of a configuration file is special and is referred -to as the \fBdefault\fR section this is usually unnamed and is from the -start of file until the first named section. When a name is being looked up -it is first looked up in a named section (if any) and then the -default section. -.PP -The environment is mapped onto a section called \fB\s-1ENV\s0\fR. -.PP -Comments can be included by preceding them with the \fB#\fR character -.PP -Each section in a configuration file consists of a number of name and -value pairs of the form \fBname=value\fR -.PP -The \fBname\fR string can contain any alphanumeric characters as well as -a few punctuation symbols such as \fB.\fR \fB,\fR \fB;\fR and \fB_\fR. -.PP -The \fBvalue\fR string consists of the string following the \fB=\fR character -until end of line with any leading and trailing white space removed. -.PP -The value string undergoes variable expansion. This can be done by -including the form \fB$var\fR or \fB${var}\fR: this will substitute the value -of the named variable in the current section. It is also possible to -substitute a value from another section using the syntax \fB$section::name\fR -or \fB${section::name}\fR. By using the form \fB$ENV::name\fR environment -variables can be substituted. It is also possible to assign values to -environment variables by using the name \fB\s-1ENV:\s0:name\fR, this will work -if the program looks up environment variables using the \fB\s-1CONF\s0\fR library -instead of calling \fB\f(BIgetenv()\fB\fR directly. -.PP -It is possible to escape certain characters by using any kind of quote -or the \fB\e\fR character. By making the last character of a line a \fB\e\fR -a \fBvalue\fR string can be spread across multiple lines. In addition -the sequences \fB\en\fR, \fB\er\fR, \fB\eb\fR and \fB\et\fR are recognized. -.SH "NOTES" -.IX Header "NOTES" -If a configuration file attempts to expand a variable that doesn't exist -then an error is flagged and the file will not load. This can happen -if an attempt is made to expand an environment variable that doesn't -exist. For example the default OpenSSL master configuration file used -the value of \fB\s-1HOME\s0\fR which may not be defined on non Unix systems. -.PP -This can be worked around by including a \fBdefault\fR section to provide -a default value: then if the environment lookup fails the default value -will be used instead. For this to work properly the default value must -be defined earlier in the configuration file than the expansion. See -the \fB\s-1EXAMPLES\s0\fR section for an example of how to do this. -.PP -If the same variable exists in the same section then all but the last -value will be silently ignored. In certain circumstances such as with -DNs the same field may occur multiple times. This is usually worked -around by ignoring any characters before an initial \fB.\fR e.g. -.PP -.Vb 2 -\& 1.OU="My first OU" -\& 2.OU="My Second OU" -.Ve -.SH "EXAMPLES" -.IX Header "EXAMPLES" -Here is a sample configuration file using some of the features -mentioned above. -.PP -.Vb 1 -\& # This is the default section. -.Ve -.Vb 3 -\& HOME=/temp -\& RANDFILE= ${ENV::HOME}/.rnd -\& configdir=$ENV::HOME/config -.Ve -.Vb 1 -\& [ section_one ] -.Ve -.Vb 1 -\& # We are now in section one. -.Ve -.Vb 2 -\& # Quotes permit leading and trailing whitespace -\& any = " any variable name " -.Ve -.Vb 3 -\& other = A string that can \e -\& cover several lines \e -\& by including \e\e characters -.Ve -.Vb 1 -\& message = Hello World\en -.Ve -.Vb 1 -\& [ section_two ] -.Ve -.Vb 1 -\& greeting = $section_one::message -.Ve -This next example shows how to expand environment variables safely. -.PP -Suppose you want a variable called \fBtmpfile\fR to refer to a -temporary filename. The directory it is placed in can determined by -the the \fB\s-1TEMP\s0\fR or \fB\s-1TMP\s0\fR environment variables but they may not be -set to any value at all. If you just include the environment variable -names and the variable doesn't exist then this will cause an error when -an attempt is made to load the configuration file. By making use of the -default section both values can be looked up with \fB\s-1TEMP\s0\fR taking -priority and \fB/tmp\fR used if neither is defined: -.PP -.Vb 5 -\& TMP=/tmp -\& # The above value is used if TMP isn't in the environment -\& TEMP=$ENV::TMP -\& # The above value is used if TEMP isn't in the environment -\& tmpfile=${ENV::TEMP}/tmp.filename -.Ve -.SH "BUGS" -.IX Header "BUGS" -Currently there is no way to include characters using the octal \fB\ennn\fR -form. Strings are all null terminated so nulls cannot form part of -the value. -.PP -The escaping isn't quite right: if you want to use sequences like \fB\en\fR -you can't use any quote escaping on the same line. -.PP -Files are loaded in a single pass. This means that an variable expansion -will only work if the variables referenced are defined earlier in the -file. -.SH "SEE ALSO" -.IX Header "SEE ALSO" -x509(1), req(1), ca(1) diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3 index 38ef4b6..2152f83 100644 --- a/secure/lib/libcrypto/man/crypto.3 +++ b/secure/lib/libcrypto/man/crypto.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:00 2002 +.\" Mon Jan 13 19:28:59 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "crypto 3" -.TH crypto 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH crypto 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" crypto \- OpenSSL cryptographic library @@ -187,6 +187,22 @@ pkcs7(3), pkcs12(3) bn(3), buffer(3), lhash(3), objects(3), stack(3), txt_db(3) +.SH "NOTES" +.IX Header "NOTES" +Some of the newer functions follow a naming convention using the numbers +\&\fB0\fR and \fB1\fR. For example the functions: +.PP +.Vb 2 +\& int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +\& int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); +.Ve +The \fB0\fR version uses the supplied structure pointer directly +in the parent and it will be freed up when the parent is freed. +In the above example \fBcrl\fR would be freed but \fBrev\fR would not. +.PP +The \fB1\fR function uses a copy of the supplied structure pointer +(or in some cases increases its link count) in the parent and +so both (\fBx\fR and \fBobj\fR above) should be freed up. .SH "SEE ALSO" .IX Header "SEE ALSO" openssl(1), ssl(3) diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 new file mode 100644 index 0000000..a1579df --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 @@ -0,0 +1,165 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:00 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_ASN1_OBJECT 3" +.TH d2i_ASN1_OBJECT 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/objects.h> +.Ve +.Vb 2 +\& ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length); +\& int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 index 845a38c..deda229 100644 --- a/secure/lib/libcrypto/man/d2i_DHparams.3 +++ b/secure/lib/libcrypto/man/d2i_DHparams.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:01 2002 +.\" Mon Jan 13 19:29:01 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,10 +138,10 @@ .\" ====================================================================== .\" .IX Title "d2i_DHparams 3" -.TH d2i_DHparams 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH d2i_DHparams 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -d2i_DHparams, i2d_DHparams \- ... +d2i_DHparams, i2d_DHparams \- PKCS#3 \s-1DH\s0 parameter functions. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -153,13 +153,14 @@ d2i_DHparams, i2d_DHparams \- ... .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&... -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&... +These functions decode and encode PKCS#3 \s-1DH\s0 parameters using the +DHparameter structure described in PKCS#3. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&... +d2i_X509(3) .SH "HISTORY" .IX Header "HISTORY" -\&... +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 new file mode 100644 index 0000000..faef90d --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 @@ -0,0 +1,226 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:02 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_DSAPublicKey 3" +.TH d2i_DSAPublicKey 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey, +d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG \- \s-1DSA\s0 key encoding +and parsing functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 1 +\& DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSAparams(const DSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fId2i_DSAPublicKey()\fR and \fIi2d_DSAPublicKey()\fR decode and encode the \s-1DSA\s0 public key +components structure. +.PP +\&\fId2i_DSA_PUKEY()\fR and \fIi2d_DSA_PUKEY()\fR decode and encode an \s-1DSA\s0 public key using a +SubjectPublicKeyInfo (certificate public key) structure. +.PP +\&\fId2i_DSAPrivateKey()\fR, \fIi2d_DSAPrivateKey()\fR decode and encode the \s-1DSA\s0 private key +components. +.PP +\&\fId2i_DSAparams()\fR, \fIi2d_DSAparams()\fR decode and encode the \s-1DSA\s0 parameters using +a \fBDss-Parms\fR structure as defined in \s-1RFC2459\s0. +.PP +\&\fId2i_DSA_SIG()\fR, \fIi2d_DSA_SIG()\fR decode and encode a \s-1DSA\s0 signature using a +\&\fBDss-Sig-Value\fR structure as defined in \s-1RFC2459\s0. +.PP +The usage of all of these functions is similar to the \fId2i_X509()\fR and +\&\fIi2d_X509()\fR described in the d2i_X509(3) manual page. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1DSA\s0\fR structure passed to the private key encoding functions should have +all the private key components present. +.PP +The data encoded by the private key functions is unencrypted and therefore +offers no private key security. +.PP +The \fB\s-1DSA_PUBKEY\s0\fR functions should be used in preference to the \fBDSAPublicKey\fR +functions when encoding public keys because they use a standard format. +.PP +The \fBDSAPublicKey\fR functions use an non standard format the actual data encoded +depends on the value of the \fBwrite_params\fR field of the \fBa\fR key parameter. +If \fBwrite_params\fR is zero then only the \fBpub_key\fR field is encoded as an +\&\fB\s-1INTEGER\s0\fR. If \fBwrite_params\fR is 1 then a \fB\s-1SEQUENCE\s0\fR consisting of the +\&\fBp\fR, \fBq\fR, \fBg\fR and \fBpub_key\fR respectively fields are encoded. +.PP +The \fBDSAPrivateKey\fR functions also use a non standard structure consiting +consisting of a \s-1SEQUENCE\s0 containing the \fBp\fR, \fBq\fR, \fBg\fR and \fBpub_key\fR and +\&\fBpriv_key\fR fields respectively. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 new file mode 100644 index 0000000..3e233b9 --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:03 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_PKCS8PrivateKey 3" +.TH d2i_PKCS8PrivateKey 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp, +i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp \- PKCS#8 format private key functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 2 +\& EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); +\& EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The PKCS#8 functions encode and decode private keys in PKCS#8 format using both +PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms. +.PP +Other than the use of \s-1DER\s0 as opposed to \s-1PEM\s0 these functions are identical to the +corresponding \fB\s-1PEM\s0\fR function as described in the pem(3) manual page. +.SH "NOTES" +.IX Header "NOTES" +Before using these functions OpenSSL_add_all_algorithms(3) +should be called to initialize the internal algorithm lookup tables otherwise errors about +unknown algorithms will occur if an attempt is made to decrypt a private key. +.PP +These functions are currently the only way to store encrypted private keys using \s-1DER\s0 format. +.PP +Currently all the functions use BIOs or \s-1FILE\s0 pointers, there are no functions which +work directly on memory: this can be readily worked around by converting the buffers +to memory BIOs, see BIO_s_mem(3) for details. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +pem(3) diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 index 97a381b..06bed77 100644 --- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:01 2002 +.\" Mon Jan 13 19:29:04 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,10 +138,12 @@ .\" ====================================================================== .\" .IX Title "d2i_RSAPublicKey 3" -.TH d2i_RSAPublicKey 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH d2i_RSAPublicKey 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA \- ... +d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, +d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA, +d2i_Netscape_RSA \- \s-1RSA\s0 public and private key encoding functions. .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 @@ -154,6 +156,12 @@ d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Ne \& int i2d_RSAPublicKey(RSA *a, unsigned char **pp); .Ve .Vb 1 +\& RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp); +.Ve +.Vb 1 \& RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); .Ve .Vb 1 @@ -167,13 +175,34 @@ d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Ne .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&... -.SH "RETURN VALUES" -.IX Header "RETURN VALUES" -\&... +\&\fId2i_RSAPublicKey()\fR and \fIi2d_RSAPublicKey()\fR decode and encode a PKCS#1 RSAPublicKey +structure. +.PP +\&\fId2i_RSA_PUKEY()\fR and \fIi2d_RSA_PUKEY()\fR decode and encode an \s-1RSA\s0 public key using a +SubjectPublicKeyInfo (certificate public key) structure. +.PP +\&\fId2i_RSAPrivateKey()\fR, \fIi2d_RSAPrivateKey()\fR decode and encode a PKCS#1 RSAPrivateKey +structure. +.PP +\&\fId2i_Netscape_RSA()\fR, \fIi2d_Netscape_RSA()\fR decode and encode an \s-1RSA\s0 private key in +\&\s-1NET\s0 format. +.PP +The usage of all of these functions is similar to the \fId2i_X509()\fR and +\&\fIi2d_X509()\fR described in the d2i_X509(3) manual page. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1RSA\s0\fR structure passed to the private key encoding functions should have +all the PKCS#1 private key components present. +.PP +The data encoded by the private key functions is unencrypted and therefore +offers no private key security. +.PP +The \s-1NET\s0 format functions are present to provide compatibility with certain very +old software. This format has some severe security weaknesses and should be +avoided if possible. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&... +d2i_X509(3) .SH "HISTORY" .IX Header "HISTORY" -\&... +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 new file mode 100644 index 0000000..c69f3de --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -0,0 +1,396 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:05 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509 3" +.TH d2i_X509 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio, +i2d_X509_fp \- X509 encode and decode functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509 *d2i_X509(X509 **px, unsigned char **in, int len); +\& int i2d_X509(X509 *x, unsigned char **out); +.Ve +.Vb 2 +\& X509 *d2i_X509_bio(BIO *bp, X509 **x); +\& X509 *d2i_X509_fp(FILE *fp, X509 **x); +.Ve +.Vb 2 +\& int i2d_X509_bio(X509 *x, BIO *bp); +\& int i2d_X509_fp(X509 *x, FILE *fp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The X509 encode and decode routines encode and parse an +\&\fBX509\fR structure, which represents an X509 certificate. +.PP +\&\fId2i_X509()\fR attempts to decode \fBlen\fR bytes at \fB*out\fR. If +successful a pointer to the \fBX509\fR structure is returned. If an error +occurred then \fB\s-1NULL\s0\fR is returned. If \fBpx\fR is not \fB\s-1NULL\s0\fR then the +returned structure is written to \fB*px\fR. If \fB*px\fR is not \fB\s-1NULL\s0\fR +then it is assumed that \fB*px\fR contains a valid \fBX509\fR +structure and an attempt is made to reuse it. If the call is +successful \fB*out\fR is incremented to the byte following the +parsed data. +.PP +\&\fIi2d_X509()\fR encodes the structure pointed to by \fBx\fR into \s-1DER\s0 format. +If \fBout\fR is not \fB\s-1NULL\s0\fR is writes the \s-1DER\s0 encoded data to the buffer +at \fB*out\fR, and increments it to point after the data just written. +If the return value is negative an error occurred, otherwise it +returns the length of the encoded data. +.PP +For OpenSSL 0.9.7 and later if \fB*out\fR is \fB\s-1NULL\s0\fR memory will be +allocated for a buffer and the encoded data written to it. In this +case \fB*out\fR is not incremented and it points to the start of the +data just written. +.PP +\&\fId2i_X509_bio()\fR is similar to \fId2i_X509()\fR except it attempts +to parse data from \s-1BIO\s0 \fBbp\fR. +.PP +\&\fId2i_X509_fp()\fR is similar to \fId2i_X509()\fR except it attempts +to parse data from \s-1FILE\s0 pointer \fBfp\fR. +.PP +\&\fIi2d_X509_bio()\fR is similar to \fIi2d_X509()\fR except it writes +the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it +returns 1 for success and 0 for failure. +.PP +\&\fIi2d_X509_fp()\fR is similar to \fIi2d_X509()\fR except it writes +the encoding of the structure \fBx\fR to \s-1BIO\s0 \fBbp\fR and it +returns 1 for success and 0 for failure. +.SH "NOTES" +.IX Header "NOTES" +The letters \fBi\fR and \fBd\fR in for example \fBi2d_X509\fR stand for +\&\*(L"internal\*(R" (that is an internal C structure) and \*(L"\s-1DER\s0\*(R". So that +\&\fBi2d_X509\fR converts from internal to \s-1DER\s0. +.PP +The functions can also understand \fB\s-1BER\s0\fR forms. +.PP +The actual X509 structure passed to \fIi2d_X509()\fR must be a valid +populated \fBX509\fR structure it can \fBnot\fR simply be fed with an +empty structure such as that returned by \fIX509_new()\fR. +.PP +The encoded data is in binary form and may contain embedded zeroes. +Therefore any \s-1FILE\s0 pointers or BIOs should be opened in binary mode. +Functions such as \fB\f(BIstrlen()\fB\fR will \fBnot\fR return the correct length +of the encoded structure. +.PP +The ways that \fB*in\fR and \fB*out\fR are incremented after the operation +can trap the unwary. See the \fB\s-1WARNINGS\s0\fR section for some common +errors. +.PP +The reason for the auto increment behaviour is to reflect a typical +usage of \s-1ASN1\s0 functions: after one structure is encoded or decoded +another will processed after it. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Allocate and encode the \s-1DER\s0 encoding of an X509 structure: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf, *p; +.Ve +.Vb 1 +\& len = i2d_X509(x, NULL); +.Ve +.Vb 1 +\& buf = OPENSSL_malloc(len); +.Ve +.Vb 2 +\& if (buf == NULL) +\& /* error */ +.Ve +.Vb 1 +\& p = buf; +.Ve +.Vb 1 +\& i2d_X509(x, &p); +.Ve +If you are using OpenSSL 0.9.7 or later then this can be +simplified to: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +.Ve +.Vb 1 +\& buf = NULL; +.Ve +.Vb 1 +\& len = i2d_X509(x, &buf); +.Ve +.Vb 2 +\& if (len < 0) +\& /* error */ +.Ve +Attempt to decode a buffer: +.PP +.Vb 1 +\& X509 *x; +.Ve +.Vb 1 +\& unsigned char *buf, *p; +.Ve +.Vb 1 +\& int len; +.Ve +.Vb 1 +\& /* Something to setup buf and len */ +.Ve +.Vb 1 +\& p = buf; +.Ve +.Vb 1 +\& x = d2i_X509(NULL, &p, len); +.Ve +.Vb 2 +\& if (x == NULL) +\& /* Some error */ +.Ve +Alternative technique: +.PP +.Vb 1 +\& X509 *x; +.Ve +.Vb 1 +\& unsigned char *buf, *p; +.Ve +.Vb 1 +\& int len; +.Ve +.Vb 1 +\& /* Something to setup buf and len */ +.Ve +.Vb 1 +\& p = buf; +.Ve +.Vb 1 +\& x = NULL; +.Ve +.Vb 2 +\& if(!d2i_X509(&x, &p, len)) +\& /* Some error */ +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +The use of temporary variable is mandatory. A common +mistake is to attempt to use a buffer directly as follows: +.PP +.Vb 2 +\& int len; +\& unsigned char *buf; +.Ve +.Vb 1 +\& len = i2d_X509(x, NULL); +.Ve +.Vb 1 +\& buf = OPENSSL_malloc(len); +.Ve +.Vb 2 +\& if (buf == NULL) +\& /* error */ +.Ve +.Vb 1 +\& i2d_X509(x, &buf); +.Ve +.Vb 1 +\& /* Other stuff ... */ +.Ve +.Vb 1 +\& OPENSSL_free(buf); +.Ve +This code will result in \fBbuf\fR apparently containing garbage because +it was incremented after the call to point after the data just written. +Also \fBbuf\fR will no longer contain the pointer allocated by \fB\f(BIOPENSSL_malloc()\fB\fR +and the subsequent call to \fB\f(BIOPENSSL_free()\fB\fR may well crash. +.PP +The auto allocation feature (setting buf to \s-1NULL\s0) only works on OpenSSL +0.9.7 and later. Attempts to use it on earlier versions will typically +cause a segmentation violation. +.PP +Another trap to avoid is misuse of the \fBxp\fR argument to \fB\f(BId2i_X509()\fB\fR: +.PP +.Vb 1 +\& X509 *x; +.Ve +.Vb 2 +\& if (!d2i_X509(&x, &p, len)) +\& /* Some error */ +.Ve +This will probably crash somewhere in \fB\f(BId2i_X509()\fB\fR. The reason for this +is that the variable \fBx\fR is uninitialized and an attempt will be made to +interpret its (invalid) value as an \fBX509\fR structure, typically causing +a segmentation violation. If \fBx\fR is set to \s-1NULL\s0 first then this will not +happen. +.SH "BUGS" +.IX Header "BUGS" +In some versions of OpenSSL the \*(L"reuse\*(R" behaviour of \fId2i_X509()\fR when +\&\fB*px\fR is valid is broken and some parts of the reused structure may +persist if they are not present in the new one. As a result the use +of this \*(L"reuse\*(R" behaviour is strongly discouraged. +.PP +\&\fIi2d_X509()\fR will not return an error in many versions of OpenSSL, +if mandatory fields are not initialized due to a programming error +then the encoded structure may contain invalid data or omit the +fields entirely and will not be parsed by \fId2i_X509()\fR. This may be +fixed in future so code should not assume that \fIi2d_X509()\fR will +always succeed. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_X509()\fR, \fId2i_X509_bio()\fR and \fId2i_X509_fp()\fR return a valid \fBX509\fR structure +or \fB\s-1NULL\s0\fR if an error occurs. The error code that can be obtained by +ERR_get_error(3). +.PP +\&\fIi2d_X509()\fR, \fIi2d_X509_bio()\fR and \fIi2d_X509_fp()\fR return a the number of bytes +successfully encoded or a negative value if an error occurs. The error code +can be obtained by ERR_get_error(3). +.PP +\&\fIi2d_X509_bio()\fR and \fIi2d_X509_fp()\fR returns 1 for success and 0 if an error +occurs The error code can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" +d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp +are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 new file mode 100644 index 0000000..24838af --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 @@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:07 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509_ALGOR 3" +.TH d2i_X509_ALGOR 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509_ALGOR, i2d_X509_ALGOR \- AlgorithmIdentifier functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length); +\& int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an \fBX509_ALGOR\fR structure which is +equivalent to the \fBAlgorithmIdentifier\fR structure. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3 new file mode 100644 index 0000000..f1edd3b --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:08 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509_CRL 3" +.TH d2i_X509_CRL 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp, +i2d_X509_CRL_bio, i2d_X509_CRL_fp \- PKCS#10 certificate request functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length); +\& int i2d_X509_CRL(X509_CRL *a, unsigned char **pp); +.Ve +.Vb 2 +\& X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x); +\& X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x); +.Ve +.Vb 2 +\& int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp); +\& int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an X509 \s-1CRL\s0 (certificate revocation +list). +.PP +Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3 new file mode 100644 index 0000000..a58596a --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3 @@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:09 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509_NAME 3" +.TH d2i_X509_NAME 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length); +\& int i2d_X509_NAME(X509_NAME *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an \fBX509_NAME\fR structure which is the +the same as the \fBName\fR type defined in \s-1RFC2459\s0 (and elsewhere) and used +for example in certificate subject and issuer names. +.PP +Othewise the functions behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3 new file mode 100644 index 0000000..6e2544c --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:10 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509_REQ 3" +.TH d2i_X509_REQ 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp, +i2d_X509_REQ_bio, i2d_X509_REQ_fp \- PKCS#10 certificate request functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length); +\& int i2d_X509_REQ(X509_REQ *a, unsigned char **pp); +.Ve +.Vb 2 +\& X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x); +\& X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x); +.Ve +.Vb 2 +\& int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp); +\& int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode a PKCS#10 certificate request. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3 new file mode 100644 index 0000000..04c8bf8 --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3 @@ -0,0 +1,166 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:11 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "d2i_X509_SIG 3" +.TH d2i_X509_SIG 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +d2i_X509_SIG, i2d_X509_SIG \- DigestInfo functions. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/x509.h> +.Ve +.Vb 2 +\& X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length); +\& int i2d_X509_SIG(X509_SIG *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions decode and encode an X509_SIG structure which is +equivalent to the \fBDigestInfo\fR structure defined in PKCS#1 and PKCS#7. +.PP +Othewise these behave in a similar way to \fId2i_X509()\fR and \fIi2d_X509()\fR +described in the d2i_X509(3) manual page. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +d2i_X509(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3 index b046d59..a937fdc 100644 --- a/secure/lib/libcrypto/man/des.3 +++ b/secure/lib/libcrypto/man/des.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:02 2002 +.\" Mon Jan 13 19:29:12 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,128 +138,119 @@ .\" ====================================================================== .\" .IX Title "des 3" -.TH des 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH des 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -des_random_key, des_set_key, des_key_sched, des_set_key_checked, -des_set_key_unchecked, des_set_odd_parity, des_is_weak_key, -des_ecb_encrypt, des_ecb2_encrypt, des_ecb3_encrypt, des_ncbc_encrypt, -des_cfb_encrypt, des_ofb_encrypt, des_pcbc_encrypt, des_cfb64_encrypt, -des_ofb64_encrypt, des_xcbc_encrypt, des_ede2_cbc_encrypt, -des_ede2_cfb64_encrypt, des_ede2_ofb64_encrypt, des_ede3_cbc_encrypt, -des_ede3_cbcm_encrypt, des_ede3_cfb64_encrypt, des_ede3_ofb64_encrypt, -des_read_password, des_read_2passwords, des_read_pw_string, -des_cbc_cksum, des_quad_cksum, des_string_to_key, des_string_to_2keys, -des_fcrypt, des_crypt, des_enc_read, des_enc_write \- \s-1DES\s0 encryption +DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked, +DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key, +DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, +DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, +DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, +DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, +DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, +DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, +DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write \- \s-1DES\s0 encryption .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/des.h> .Ve .Vb 1 -\& void des_random_key(des_cblock *ret); +\& void DES_random_key(DES_cblock *ret); .Ve .Vb 6 -\& int des_set_key(const_des_cblock *key, des_key_schedule schedule); -\& int des_key_sched(const_des_cblock *key, des_key_schedule schedule); -\& int des_set_key_checked(const_des_cblock *key, -\& des_key_schedule schedule); -\& void des_set_key_unchecked(const_des_cblock *key, -\& des_key_schedule schedule); +\& int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule); +\& int DES_set_key_checked(const_DES_cblock *key, +\& DES_key_schedule *schedule); +\& void DES_set_key_unchecked(const_DES_cblock *key, +\& DES_key_schedule *schedule); .Ve .Vb 2 -\& void des_set_odd_parity(des_cblock *key); -\& int des_is_weak_key(const_des_cblock *key); +\& void DES_set_odd_parity(DES_cblock *key); +\& int DES_is_weak_key(const_DES_cblock *key); .Ve .Vb 7 -\& void des_ecb_encrypt(const_des_cblock *input, des_cblock *output, -\& des_key_schedule ks, int enc); -\& void des_ecb2_encrypt(const_des_cblock *input, des_cblock *output, -\& des_key_schedule ks1, des_key_schedule ks2, int enc); -\& void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output, -\& des_key_schedule ks1, des_key_schedule ks2, -\& des_key_schedule ks3, int enc); +\& void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks, int enc); +\& void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, int enc); +\& void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, +\& DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, int enc); .Ve .Vb 18 -\& void des_ncbc_encrypt(const unsigned char *input, unsigned char *output, -\& long length, des_key_schedule schedule, des_cblock *ivec, +\& void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, \& int enc); -\& void des_cfb_encrypt(const unsigned char *in, unsigned char *out, -\& int numbits, long length, des_key_schedule schedule, -\& des_cblock *ivec, int enc); -\& void des_ofb_encrypt(const unsigned char *in, unsigned char *out, -\& int numbits, long length, des_key_schedule schedule, -\& des_cblock *ivec); -\& void des_pcbc_encrypt(const unsigned char *input, unsigned char *output, -\& long length, des_key_schedule schedule, des_cblock *ivec, +\& void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec, int enc); +\& void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, DES_key_schedule *schedule, +\& DES_cblock *ivec); +\& void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, \& int enc); -\& void des_cfb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule schedule, des_cblock *ivec, +\& void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, \& int *num, int enc); -\& void des_ofb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule schedule, des_cblock *ivec, +\& void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, \& int *num); .Ve .Vb 3 -\& void des_xcbc_encrypt(const unsigned char *input, unsigned char *output, -\& long length, des_key_schedule schedule, des_cblock *ivec, -\& const_des_cblock *inw, const_des_cblock *outw, int enc); +\& void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, DES_key_schedule *schedule, DES_cblock *ivec, +\& const_DES_cblock *inw, const_DES_cblock *outw, int enc); .Ve .Vb 9 -\& void des_ede2_cbc_encrypt(const unsigned char *input, -\& unsigned char *output, long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_cblock *ivec, int enc); -\& void des_ede2_cfb64_encrypt(const unsigned char *in, -\& unsigned char *out, long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_cblock *ivec, int *num, int enc); -\& void des_ede2_ofb64_encrypt(const unsigned char *in, -\& unsigned char *out, long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_cblock *ivec, int *num); +\& void DES_ede2_cbc_encrypt(const unsigned char *input, +\& unsigned char *output, long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int enc); +\& void DES_ede2_cfb64_encrypt(const unsigned char *in, +\& unsigned char *out, long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc); +\& void DES_ede2_ofb64_encrypt(const unsigned char *in, +\& unsigned char *out, long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_cblock *ivec, int *num); .Ve .Vb 15 -\& void des_ede3_cbc_encrypt(const unsigned char *input, -\& unsigned char *output, long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, +\& void DES_ede3_cbc_encrypt(const unsigned char *input, +\& unsigned char *output, long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, \& int enc); -\& void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule ks1, des_key_schedule ks2, -\& des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2, +\& void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, \& int enc); -\& void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule ks1, des_key_schedule ks2, -\& des_key_schedule ks3, des_cblock *ivec, int *num, int enc); -\& void des_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, -\& long length, des_key_schedule ks1, -\& des_key_schedule ks2, des_key_schedule ks3, -\& des_cblock *ivec, int *num); -.Ve -.Vb 5 -\& int des_read_password(des_cblock *key, const char *prompt, int verify); -\& int des_read_2passwords(des_cblock *key1, des_cblock *key2, -\& const char *prompt, int verify); -\& int des_read_pw_string(char *buf, int length, const char *prompt, -\& int verify); +\& void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, DES_key_schedule *ks2, +\& DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc); +\& void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, DES_key_schedule *ks1, +\& DES_key_schedule *ks2, DES_key_schedule *ks3, +\& DES_cblock *ivec, int *num); .Ve .Vb 8 -\& DES_LONG des_cbc_cksum(const unsigned char *input, des_cblock *output, -\& long length, des_key_schedule schedule, -\& const_des_cblock *ivec); -\& DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[], -\& long length, int out_count, des_cblock *seed); -\& void des_string_to_key(const char *str, des_cblock *key); -\& void des_string_to_2keys(const char *str, des_cblock *key1, -\& des_cblock *key2); +\& DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, +\& long length, DES_key_schedule *schedule, +\& const_DES_cblock *ivec); +\& DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], +\& long length, int out_count, DES_cblock *seed); +\& void DES_string_to_key(const char *str, DES_cblock *key); +\& void DES_string_to_2keys(const char *str, DES_cblock *key1, +\& DES_cblock *key2); .Ve -.Vb 3 -\& char *des_fcrypt(const char *buf, const char *salt, char *ret); -\& char *des_crypt(const char *buf, const char *salt); -\& char *crypt(const char *buf, const char *salt); +.Vb 2 +\& char *DES_fcrypt(const char *buf, const char *salt, char *ret); +\& char *DES_crypt(const char *buf, const char *salt); .Ve .Vb 4 -\& int des_enc_read(int fd, void *buf, int len, des_key_schedule sched, -\& des_cblock *iv); -\& int des_enc_write(int fd, const void *buf, int len, -\& des_key_schedule sched, des_cblock *iv); +\& int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, +\& DES_cblock *iv); +\& int DES_enc_write(int fd, const void *buf, int len, +\& DES_key_schedule *sched, DES_cblock *iv); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -267,56 +258,52 @@ This library contains a fast implementation of the \s-1DES\s0 encryption algorithm. .PP There are two phases to the use of \s-1DES\s0 encryption. The first is the -generation of a \fIdes_key_schedule\fR from a key, the second is the -actual encryption. A \s-1DES\s0 key is of type \fIdes_cblock\fR. This type is +generation of a \fIDES_key_schedule\fR from a key, the second is the +actual encryption. A \s-1DES\s0 key is of type \fIDES_cblock\fR. This type is consists of 8 bytes with odd parity. The least significant bit in each byte is the parity bit. The key schedule is an expanded form of the key; it is used to speed the encryption process. .PP -\&\fIdes_random_key()\fR generates a random key. The \s-1PRNG\s0 must be seeded -prior to using this function (see rand(3); for backward -compatibility the function \fIdes_random_seed()\fR is available as well). -If the \s-1PRNG\s0 could not generate a secure key, 0 is returned. In -earlier versions of the library, \fIdes_random_key()\fR did not generate -secure keys. +\&\fIDES_random_key()\fR generates a random key. The \s-1PRNG\s0 must be seeded +prior to using this function (see rand(3)). If the \s-1PRNG\s0 +could not generate a secure key, 0 is returned. .PP Before a \s-1DES\s0 key can be used, it must be converted into the -architecture dependent \fIdes_key_schedule\fR via the -\&\fIdes_set_key_checked()\fR or \fIdes_set_key_unchecked()\fR function. +architecture dependent \fIDES_key_schedule\fR via the +\&\fIDES_set_key_checked()\fR or \fIDES_set_key_unchecked()\fR function. .PP -\&\fIdes_set_key_checked()\fR will check that the key passed is of odd parity +\&\fIDES_set_key_checked()\fR will check that the key passed is of odd parity and is not a week or semi-weak key. If the parity is wrong, then \-1 is returned. If the key is a weak key, then \-2 is returned. If an error is returned, the key schedule is not generated. .PP -\&\fIdes_set_key()\fR (called \fIdes_key_sched()\fR in the \s-1MIT\s0 library) works like -\&\fIdes_set_key_checked()\fR if the \fIdes_check_key\fR flag is non-zero, -otherwise like \fIdes_set_key_unchecked()\fR. These functions are available +\&\fIDES_set_key()\fR works like +\&\fIDES_set_key_checked()\fR if the \fIDES_check_key\fR flag is non-zero, +otherwise like \fIDES_set_key_unchecked()\fR. These functions are available for compatibility; it is recommended to use a function that does not depend on a global variable. .PP -\&\fIdes_set_odd_parity()\fR (called \fIdes_fixup_key_parity()\fR in the \s-1MIT\s0 -library) sets the parity of the passed \fIkey\fR to odd. +\&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. .PP -\&\fIdes_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it +\&\fIDES_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it is ok. The probability that a randomly generated key is weak is 1/2^52, so it is not really worth checking for them. .PP The following routines mostly operate on an input and output stream of -\&\fIdes_cblock\fRs. +\&\fIDES_cblock\fRs. .PP -\&\fIdes_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or -decrypts a single 8\-byte \fIdes_cblock\fR in \fIelectronic code book\fR +\&\fIDES_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or +decrypts a single 8\-byte \fIDES_cblock\fR in \fIelectronic code book\fR (\s-1ECB\s0) mode. It always transforms the input data, pointed to by \&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR (cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the key_schedule specified by the \fIschedule\fR argument, previously set via -\&\fIdes_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now +\&\fIDES_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input -and output may overlap. \fIdes_ecb_encrypt()\fR does not return a value. +and output may overlap. \fIDES_ecb_encrypt()\fR does not return a value. .PP -\&\fIdes_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using +\&\fIDES_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and then encrypting with \fIks3\fR. This routine greatly reduces the chances @@ -324,10 +311,10 @@ of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR, \&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption using \s-1ECB\s0 mode and \fIks1\fR as the key. .PP -The macro \fIdes_ecb2_encrypt()\fR is provided to perform two-key Triple-DES +The macro \fIDES_ecb2_encrypt()\fR is provided to perform two-key Triple-DES encryption by using \fIks1\fR for the final encryption. .PP -\&\fIdes_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR +\&\fIDES_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR (\s-1CBC\s0) mode of \s-1DES\s0. If the \fIencrypt\fR argument is non-zero, the routine cipher-block-chain encrypts the cleartext data pointed to by the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR @@ -337,24 +324,24 @@ and initialization vector provided by the \fIivec\fR argument. If the last block is copied to a temporary area and zero filled. The output is always an integral multiple of eight bytes. .PP -\&\fIdes_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and +\&\fIDES_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and \&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret (unlike the iv) and are as such, part of the key. So the key is sort of 24 bytes. This is much better than \s-1CBC\s0 \s-1DES\s0. .PP -\&\fIdes_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with +\&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is really an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0. .PP -The \fIdes_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by +The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. This form of Triple-DES is used by the \s-1RSAREF\s0 library. .PP -\&\fIdes_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block +\&\fIDES_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block chaining mode used by Kerberos v4. Its parameters are the same as -\&\fIdes_ncbc_encrypt()\fR. +\&\fIDES_ncbc_encrypt()\fR. .PP -\&\fIdes_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode. This +\&\fIDES_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode. This method takes an array of characters as input and outputs and array of characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to @@ -362,7 +349,7 @@ be passed to the next call to this function. Since this function runs a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only suggested for use when sending small numbers of characters. .PP -\&\fIdes_cfb64_encrypt()\fR +\&\fIDES_cfb64_encrypt()\fR implements \s-1CFB\s0 mode of \s-1DES\s0 with 64bit feedback. Why is this useful you ask? Because this routine will allow you to encrypt an arbitrary number of bytes, no 8 byte padding. Each call to this @@ -370,10 +357,10 @@ routine will encrypt the input bytes to output and then update ivec and num. num contains 'how far' we are though ivec. If this does not make much sense, read more about cfb mode of \s-1DES\s0 :\-). .PP -\&\fIdes_ede3_cfb64_encrypt()\fR and \fIdes_ede2_cfb64_encrypt()\fR is the same as -\&\fIdes_cfb64_encrypt()\fR except that Triple-DES is used. +\&\fIDES_ede3_cfb64_encrypt()\fR and \fIDES_ede2_cfb64_encrypt()\fR is the same as +\&\fIDES_cfb64_encrypt()\fR except that Triple-DES is used. .PP -\&\fIdes_ofb_encrypt()\fR encrypts using output feedback mode. This method +\&\fIDES_ofb_encrypt()\fR encrypts using output feedback mode. This method takes an array of characters as input and outputs and array of characters. It does not require any padding to 8 character groups. Note: the \fIivec\fR variable is changed and the new changed value needs to @@ -381,39 +368,22 @@ be passed to the next call to this function. Since this function runs a complete \s-1DES\s0 \s-1ECB\s0 encryption per numbits, this function is only suggested for use when sending small numbers of characters. .PP -\&\fIdes_ofb64_encrypt()\fR is the same as \fIdes_cfb64_encrypt()\fR using Output +\&\fIDES_ofb64_encrypt()\fR is the same as \fIDES_cfb64_encrypt()\fR using Output Feed Back mode. .PP -\&\fIdes_ede3_ofb64_encrypt()\fR and \fIdes_ede2_ofb64_encrypt()\fR is the same as -\&\fIdes_ofb64_encrypt()\fR, using Triple-DES. +\&\fIDES_ede3_ofb64_encrypt()\fR and \fIDES_ede2_ofb64_encrypt()\fR is the same as +\&\fIDES_ofb64_encrypt()\fR, using Triple-DES. .PP The following functions are included in the \s-1DES\s0 library for -compatibility with the \s-1MIT\s0 Kerberos library. \fIdes_read_pw_string()\fR -is also available under the name \fIEVP_read_pw_string()\fR. -.PP -\&\fIdes_read_pw_string()\fR writes the string specified by \fIprompt\fR to -standard output, turns echo off and reads in input string from the -terminal. The string is returned in \fIbuf\fR, which must have space for -at least \fIlength\fR bytes. If \fIverify\fR is set, the user is asked for -the password twice and unless the two copies match, an error is -returned. A return code of \-1 indicates a system error, 1 failure due -to use interaction, and 0 is success. -.PP -\&\fIdes_read_password()\fR does the same and converts the password to a \s-1DES\s0 -key by calling \fIdes_string_to_key()\fR; \fIdes_read_2password()\fR operates in -the same way as \fIdes_read_password()\fR except that it generates two keys -by using the \fIdes_string_to_2key()\fR function. \fIdes_string_to_key()\fR is -available for backward compatibility with the \s-1MIT\s0 library. New -applications should use a cryptographic hash function. The same -applies for \fIdes_string_to_2key()\fR. -.PP -\&\fIdes_cbc_cksum()\fR produces an 8 byte checksum based on the input stream +compatibility with the \s-1MIT\s0 Kerberos library. +.PP +\&\fIDES_cbc_cksum()\fR produces an 8 byte checksum based on the input stream (via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned and the complete 8 bytes are placed in \fIoutput\fR. This function is used by Kerberos v4. Other applications should use EVP_DigestInit(3) etc. instead. .PP -\&\fIdes_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte +\&\fIDES_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte checksum from the input bytes. The algorithm can be iterated over the input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is non-NULL, the 8 bytes generated by each pass are written into @@ -421,19 +391,19 @@ non-NULL, the 8 bytes generated by each pass are written into .PP The following are DES-based transformations: .PP -\&\fIdes_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This +\&\fIDES_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This version takes only a small amount of space relative to other fast \&\fIcrypt()\fR implementations. This is different to the normal crypt in that the third parameter is the buffer that the return value is written into. It needs to be at least 14 bytes long. This function is thread safe, unlike the normal crypt. .PP -\&\fIdes_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR. -This function calls \fIdes_fcrypt()\fR with a static array passed as the +\&\fIDES_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR. +This function calls \fIDES_fcrypt()\fR with a static array passed as the third parameter. This emulates the normal non-thread safe semantics of \fIcrypt\fR\|(3). .PP -\&\fIdes_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from +\&\fIDES_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default) using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual data send down \fIfd\fR consists of 4 bytes (in network byte order) @@ -441,38 +411,38 @@ containing the length of the following encrypted data. The encrypted data then follows, padded with random data out to a multiple of 8 bytes. .PP -\&\fIdes_enc_read()\fR is used to read \fIlen\fR bytes from file descriptor +\&\fIDES_enc_read()\fR is used to read \fIlen\fR bytes from file descriptor \&\fIfd\fR into buffer \fIbuf\fR. The data being read from \fIfd\fR is assumed to -have come from \fIdes_enc_write()\fR and is decrypted using \fIsched\fR for +have come from \fIDES_enc_write()\fR and is decrypted using \fIsched\fR for the key schedule and \fIiv\fR for the initial vector. .PP -\&\fBWarning:\fR The data format used by \fIdes_enc_write()\fR and \fIdes_enc_read()\fR +\&\fBWarning:\fR The data format used by \fIDES_enc_write()\fR and \fIDES_enc_read()\fR has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0 -bytes, \fIdes_enc_write()\fR will split the data into several chunks that +bytes, \fIDES_enc_write()\fR will split the data into several chunks that are all encrypted using the same \s-1IV\s0. So don't use these functions unless you are sure you know what you do (in which case you might not want to use them anyway). They cannot handle non-blocking sockets. -\&\fIdes_enc_read()\fR uses an internal state and thus cannot be used on +\&\fIDES_enc_read()\fR uses an internal state and thus cannot be used on multiple files. .PP -\&\fIdes_rw_mode\fR is used to specify the encryption mode to use with -\&\fIdes_enc_read()\fR and \fIdes_end_write()\fR. If set to \fI\s-1DES_PCBC_MODE\s0\fR (the -default), des_pcbc_encrypt is used. If set to \fI\s-1DES_CBC_MODE\s0\fR -des_cbc_encrypt is used. +\&\fIDES_rw_mode\fR is used to specify the encryption mode to use with +\&\fIDES_enc_read()\fR and \fIDES_end_write()\fR. If set to \fI\s-1DES_PCBC_MODE\s0\fR (the +default), DES_pcbc_encrypt is used. If set to \fI\s-1DES_CBC_MODE\s0\fR +DES_cbc_encrypt is used. .SH "NOTES" .IX Header "NOTES" Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is -not suitable for most applications; see des_modes(7). +not suitable for most applications; see DES_modes(7). .PP The evp(3) library provides higher-level encryption functions. .SH "BUGS" .IX Header "BUGS" -\&\fIdes_3cbc_encrypt()\fR is flawed and must not be used in applications. +\&\fIDES_3cbc_encrypt()\fR is flawed and must not be used in applications. .PP -\&\fIdes_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIdes_ncbc_encrypt()\fR +\&\fIDES_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIDES_ncbc_encrypt()\fR instead. .PP -\&\fIdes_cfb_encrypt()\fR and \fIdes_ofb_encrypt()\fR operates on input of 8 bits. +\&\fIDES_cfb_encrypt()\fR and \fIDES_ofb_encrypt()\fR operates on input of 8 bits. What this means is that if you set numbits to 12, and length to 2, the first 12 bits will come from the 1st input byte and the low half of the second input byte. The second 12 bits will have the low 8 bits @@ -482,8 +452,9 @@ implemented this way because most people will be using a multiple of 8 and because once you get into pulling bytes input bytes apart things get ugly! .PP -\&\fIdes_read_pw_string()\fR is the most machine/OS dependent function and -normally generates the most problems when porting this code. +\&\fIDES_string_to_key()\fR is available for backward compatibility with the +\&\s-1MIT\s0 library. New applications should use a cryptographic hash function. +The same applies for \fIDES_string_to_2key()\fR. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1ANSI\s0 X3.106 @@ -495,10 +466,20 @@ the \s-1MIT\s0 Kerberos library. \&\fIcrypt\fR\|(3), des_modes(7), evp(3), rand(3) .SH "HISTORY" .IX Header "HISTORY" +In OpenSSL 0.9.7, all des_ functions were renamed to \s-1DES_\s0 to avoid +clashes with older versions of libdes. Compatibility des_ functions +are provided for a short while, as well as \fIcrypt()\fR. +Declarations for these are in <openssl/des_old.h>. There is no \s-1DES_\s0 +variant for \fIdes_random_seed()\fR. +This will happen to other functions +as well if they are deemed redundant (\fIdes_random_seed()\fR just calls +\&\fIRAND_seed()\fR and is present for backward compatibility only), buggy or +already scheduled for removal. +.PP \&\fIdes_cbc_cksum()\fR, \fIdes_cbc_encrypt()\fR, \fIdes_ecb_encrypt()\fR, \&\fIdes_is_weak_key()\fR, \fIdes_key_sched()\fR, \fIdes_pcbc_encrypt()\fR, -\&\fIdes_quad_cksum()\fR, \fIdes_random_key()\fR, \fIdes_read_password()\fR and -\&\fIdes_string_to_key()\fR are available in the \s-1MIT\s0 Kerberos library; +\&\fIdes_quad_cksum()\fR, \fIdes_random_key()\fR and \fIdes_string_to_key()\fR +are available in the \s-1MIT\s0 Kerberos library; \&\fIdes_check_key_parity()\fR, \fIdes_fixup_key_parity()\fR and \fIdes_is_weak_key()\fR are available in newer versions of that library. .PP diff --git a/secure/lib/libcrypto/man/des_modes.3 b/secure/lib/libcrypto/man/des_modes.3 index b8cf5b0..788e0e8 100644 --- a/secure/lib/libcrypto/man/des_modes.3 +++ b/secure/lib/libcrypto/man/des_modes.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:02 2002 +.\" Mon Jan 13 19:29:14 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "des_modes 3" -.TH des_modes 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH des_modes 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" Modes of \s-1DES\s0 \- the variants of \s-1DES\s0 and other crypto algorithms of OpenSSL diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3 index 31cdc59..3c40e68 100644 --- a/secure/lib/libcrypto/man/dh.3 +++ b/secure/lib/libcrypto/man/dh.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:03 2002 +.\" Mon Jan 13 19:29:15 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,37 +138,38 @@ .\" ====================================================================== .\" .IX Title "dh 3" -.TH dh 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH dh 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" dh \- Diffie-Hellman key agreement .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/dh.h> +\& #include <openssl/engine.h> .Ve .Vb 2 \& DH * DH_new(void); \& void DH_free(DH *dh); .Ve .Vb 1 -\& int DH_size(DH *dh); +\& int DH_size(const DH *dh); .Ve .Vb 3 \& DH * DH_generate_parameters(int prime_len, int generator, \& void (*callback)(int, int, void *), void *cb_arg); -\& int DH_check(DH *dh, int *codes); +\& int DH_check(const DH *dh, int *codes); .Ve .Vb 2 \& int DH_generate_key(DH *dh); \& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); .Ve .Vb 5 -\& void DH_set_default_method(DH_METHOD *meth); -\& DH_METHOD *DH_get_default_method(void); -\& DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); -\& DH *DH_new_method(DH_METHOD *meth); -\& DH_METHOD *DH_OpenSSL(void); +\& void DH_set_default_method(const DH_METHOD *meth); +\& const DH_METHOD *DH_get_default_method(void); +\& int DH_set_method(DH *dh, const DH_METHOD *meth); +\& DH *DH_new_method(ENGINE *engine); +\& const DH_METHOD *DH_OpenSSL(void); .Ve .Vb 4 \& int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(), @@ -178,11 +179,11 @@ dh \- Diffie-Hellman key agreement .Ve .Vb 2 \& DH * d2i_DHparams(DH **a, unsigned char **pp, long length); -\& int i2d_DHparams(DH *a, unsigned char **pp); +\& int i2d_DHparams(const DH *a, unsigned char **pp); .Ve .Vb 2 -\& int DHparams_print_fp(FILE *fp, DH *x); -\& int DHparams_print(BIO *bp, DH *x); +\& int DHparams_print_fp(FILE *fp, const DH *x); +\& int DHparams_print(BIO *bp, const DH *x); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -204,11 +205,19 @@ The \fB\s-1DH\s0\fR structure consists of several \s-1BIGNUM\s0 components. \& }; \& DH .Ve +Note that \s-1DH\s0 keys may use non-standard \fB\s-1DH_METHOD\s0\fR implementations, +either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an +\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values +will not be used by the implementation or may be used for alternative data +storage. For this reason, applications should generally avoid using \s-1DH\s0 +structure elements directly and instead use \s-1API\s0 functions to query or +modify keys. .SH "SEE ALSO" .IX Header "SEE ALSO" dhparam(1), bn(3), dsa(3), err(3), -rand(3), rsa(3), DH_set_method(3), -DH_new(3), DH_get_ex_new_index(3), +rand(3), rsa(3), engine(3), +DH_set_method(3), DH_new(3), +DH_get_ex_new_index(3), DH_generate_parameters(3), DH_compute_key(3), d2i_DHparams(3), RSA_print(3) diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3 index c452818..67b693d 100644 --- a/secure/lib/libcrypto/man/dsa.3 +++ b/secure/lib/libcrypto/man/dsa.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:04 2002 +.\" Mon Jan 13 19:29:16 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,21 +138,22 @@ .\" ====================================================================== .\" .IX Title "dsa 3" -.TH dsa 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH dsa 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" dsa \- Digital Signature Algorithm .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/dsa.h> +\& #include <openssl/engine.h> .Ve .Vb 2 \& DSA * DSA_new(void); \& void DSA_free(DSA *dsa); .Ve .Vb 1 -\& int DSA_size(DSA *dsa); +\& int DSA_size(const DSA *dsa); .Ve .Vb 3 \& DSA * DSA_generate_parameters(int bits, unsigned char *seed, @@ -160,7 +161,7 @@ dsa \- Digital Signature Algorithm \& void (*callback)(int, int, void *), void *cb_arg); .Ve .Vb 1 -\& DH * DSA_dup_DH(DSA *r); +\& DH * DSA_dup_DH(const DSA *r); .Ve .Vb 1 \& int DSA_generate_key(DSA *dsa); @@ -171,14 +172,14 @@ dsa \- Digital Signature Algorithm \& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, \& BIGNUM **rp); \& int DSA_verify(int dummy, const unsigned char *dgst, int len, -\& unsigned char *sigbuf, int siglen, DSA *dsa); +\& const unsigned char *sigbuf, int siglen, DSA *dsa); .Ve .Vb 5 -\& void DSA_set_default_method(DSA_METHOD *meth); -\& DSA_METHOD *DSA_get_default_method(void); -\& DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); -\& DSA *DSA_new_method(DSA_METHOD *meth); -\& DSA_METHOD *DSA_OpenSSL(void); +\& void DSA_set_default_method(const DSA_METHOD *meth); +\& const DSA_METHOD *DSA_get_default_method(void); +\& int DSA_set_method(DSA *dsa, const DSA_METHOD *meth); +\& DSA *DSA_new_method(ENGINE *engine); +\& const DSA_METHOD *DSA_OpenSSL(void); .Ve .Vb 4 \& int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), @@ -189,7 +190,7 @@ dsa \- Digital Signature Algorithm .Vb 4 \& DSA_SIG *DSA_SIG_new(void); \& void DSA_SIG_free(DSA_SIG *a); -\& int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp); +\& int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); \& DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length); .Ve .Vb 3 @@ -201,15 +202,15 @@ dsa \- Digital Signature Algorithm \& DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); \& DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); \& DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); -\& int i2d_DSAPublicKey(DSA *a, unsigned char **pp); -\& int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); -\& int i2d_DSAparams(DSA *a,unsigned char **pp); +\& int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +\& int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +\& int i2d_DSAparams(const DSA *a,unsigned char **pp); .Ve .Vb 4 -\& int DSAparams_print(BIO *bp, DSA *x); -\& int DSAparams_print_fp(FILE *fp, DSA *x); -\& int DSA_print(BIO *bp, DSA *x, int off); -\& int DSA_print_fp(FILE *bp, DSA *x, int off); +\& int DSAparams_print(BIO *bp, const DSA *x); +\& int DSAparams_print_fp(FILE *fp, const DSA *x); +\& int DSA_print(BIO *bp, const DSA *x, int off); +\& int DSA_print_fp(FILE *bp, const DSA *x, int off); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -235,6 +236,14 @@ The \fB\s-1DSA\s0\fR structure consists of several \s-1BIGNUM\s0 components. \& DSA; .Ve In public keys, \fBpriv_key\fR is \s-1NULL\s0. +.PP +Note that \s-1DSA\s0 keys may use non-standard \fB\s-1DSA_METHOD\s0\fR implementations, +either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an +\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values +will not be used by the implementation or may be used for alternative data +storage. For this reason, applications should generally avoid using \s-1DSA\s0 +structure elements directly and instead use \s-1API\s0 functions to query or +modify keys. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature @@ -242,7 +251,8 @@ Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 .SH "SEE ALSO" .IX Header "SEE ALSO" bn(3), dh(3), err(3), rand(3), -rsa(3), sha(3), DSA_new(3), +rsa(3), sha(3), engine(3), +DSA_new(3), DSA_size(3), DSA_generate_parameters(3), DSA_dup_DH(3), diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3 new file mode 100644 index 0000000..f9c42dd --- /dev/null +++ b/secure/lib/libcrypto/man/engine.3 @@ -0,0 +1,784 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:17 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "engine 3" +.TH engine 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +engine \- \s-1ENGINE\s0 cryptographic module support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/engine.h> +.Ve +.Vb 4 +\& ENGINE *ENGINE_get_first(void); +\& ENGINE *ENGINE_get_last(void); +\& ENGINE *ENGINE_get_next(ENGINE *e); +\& ENGINE *ENGINE_get_prev(ENGINE *e); +.Ve +.Vb 2 +\& int ENGINE_add(ENGINE *e); +\& int ENGINE_remove(ENGINE *e); +.Ve +.Vb 1 +\& ENGINE *ENGINE_by_id(const char *id); +.Ve +.Vb 2 +\& int ENGINE_init(ENGINE *e); +\& int ENGINE_finish(ENGINE *e); +.Ve +.Vb 12 +\& void ENGINE_load_openssl(void); +\& void ENGINE_load_dynamic(void); +\& void ENGINE_load_cswift(void); +\& void ENGINE_load_chil(void); +\& void ENGINE_load_atalla(void); +\& void ENGINE_load_nuron(void); +\& void ENGINE_load_ubsec(void); +\& void ENGINE_load_aep(void); +\& void ENGINE_load_sureware(void); +\& void ENGINE_load_4758cca(void); +\& void ENGINE_load_openbsd_dev_crypto(void); +\& void ENGINE_load_builtin_engines(void); +.Ve +.Vb 1 +\& void ENGINE_cleanup(void); +.Ve +.Vb 6 +\& ENGINE *ENGINE_get_default_RSA(void); +\& ENGINE *ENGINE_get_default_DSA(void); +\& ENGINE *ENGINE_get_default_DH(void); +\& ENGINE *ENGINE_get_default_RAND(void); +\& ENGINE *ENGINE_get_cipher_engine(int nid); +\& ENGINE *ENGINE_get_digest_engine(int nid); +.Ve +.Vb 7 +\& int ENGINE_set_default_RSA(ENGINE *e); +\& int ENGINE_set_default_DSA(ENGINE *e); +\& int ENGINE_set_default_DH(ENGINE *e); +\& int ENGINE_set_default_RAND(ENGINE *e); +\& int ENGINE_set_default_ciphers(ENGINE *e); +\& int ENGINE_set_default_digests(ENGINE *e); +\& int ENGINE_set_default_string(ENGINE *e, const char *list); +.Ve +.Vb 1 +\& int ENGINE_set_default(ENGINE *e, unsigned int flags); +.Ve +.Vb 2 +\& unsigned int ENGINE_get_table_flags(void); +\& void ENGINE_set_table_flags(unsigned int flags); +.Ve +.Vb 20 +\& int ENGINE_register_RSA(ENGINE *e); +\& void ENGINE_unregister_RSA(ENGINE *e); +\& void ENGINE_register_all_RSA(void); +\& int ENGINE_register_DSA(ENGINE *e); +\& void ENGINE_unregister_DSA(ENGINE *e); +\& void ENGINE_register_all_DSA(void); +\& int ENGINE_register_DH(ENGINE *e); +\& void ENGINE_unregister_DH(ENGINE *e); +\& void ENGINE_register_all_DH(void); +\& int ENGINE_register_RAND(ENGINE *e); +\& void ENGINE_unregister_RAND(ENGINE *e); +\& void ENGINE_register_all_RAND(void); +\& int ENGINE_register_ciphers(ENGINE *e); +\& void ENGINE_unregister_ciphers(ENGINE *e); +\& void ENGINE_register_all_ciphers(void); +\& int ENGINE_register_digests(ENGINE *e); +\& void ENGINE_unregister_digests(ENGINE *e); +\& void ENGINE_register_all_digests(void); +\& int ENGINE_register_complete(ENGINE *e); +\& int ENGINE_register_all_complete(void); +.Ve +.Vb 6 +\& int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +\& int ENGINE_cmd_is_executable(ENGINE *e, int cmd); +\& int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, +\& long i, void *p, void (*f)(), int cmd_optional); +\& int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, +\& int cmd_optional); +.Ve +.Vb 2 +\& int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); +\& void *ENGINE_get_ex_data(const ENGINE *e, int idx); +.Ve +.Vb 2 +\& int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +.Ve +.Vb 2 +\& ENGINE *ENGINE_new(void); +\& int ENGINE_free(ENGINE *e); +.Ve +.Vb 16 +\& int ENGINE_set_id(ENGINE *e, const char *id); +\& int ENGINE_set_name(ENGINE *e, const char *name); +\& int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); +\& int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +\& int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); +\& int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +\& int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); +\& int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); +\& int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); +\& int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); +\& int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); +\& int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +\& int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); +\& int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +\& int ENGINE_set_flags(ENGINE *e, int flags); +\& int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); +.Ve +.Vb 18 +\& const char *ENGINE_get_id(const ENGINE *e); +\& const char *ENGINE_get_name(const ENGINE *e); +\& const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); +\& const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +\& const DH_METHOD *ENGINE_get_DH(const ENGINE *e); +\& const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); +\& ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); +\& ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); +\& ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +\& ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); +\& ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +\& const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); +\& const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +\& int ENGINE_get_flags(const ENGINE *e); +\& const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); +.Ve +.Vb 4 +\& EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +\& EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, +\& UI_METHOD *ui_method, void *callback_data); +.Ve +.Vb 1 +\& void ENGINE_add_conf_module(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions create, manipulate, and use cryptographic modules in the +form of \fB\s-1ENGINE\s0\fR objects. These objects act as containers for +implementations of cryptographic algorithms, and support a +reference-counted mechanism to allow them to be dynamically loaded in and +out of the running application. +.PP +The cryptographic functionality that can be provided by an \fB\s-1ENGINE\s0\fR +implementation includes the following abstractions; +.PP +.Vb 5 +\& RSA_METHOD - for providing alternative RSA implementations +\& DSA_METHOD, DH_METHOD, RAND_METHOD - alternative DSA, DH, and RAND +\& EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid') +\& EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid') +\& key-loading - loading public and/or private EVP_PKEY keys +.Ve +.Sh "Reference counting and handles" +.IX Subsection "Reference counting and handles" +Due to the modular nature of the \s-1ENGINE\s0 \s-1API\s0, pointers to ENGINEs need to be +treated as handles \- ie. not only as pointers, but also as references to +the underlying \s-1ENGINE\s0 object. Ie. you should obtain a new reference when +making copies of an \s-1ENGINE\s0 pointer if the copies will be used (and +released) independantly. +.PP +\&\s-1ENGINE\s0 objects have two levels of reference-counting to match the way in +which the objects are used. At the most basic level, each \s-1ENGINE\s0 pointer is +inherently a \fBstructural\fR reference \- you need a structural reference +simply to refer to the pointer value at all, as this kind of reference is +your guarantee that the structure can not be deallocated until you release +your reference. +.PP +However, a structural reference provides no guarantee that the \s-1ENGINE\s0 has +been initiliased to be usable to perform any of its cryptographic +implementations \- and indeed it's quite possible that most ENGINEs will not +initialised at all on standard setups, as ENGINEs are typically used to +support specialised hardware. To use an \s-1ENGINE\s0's functionality, you need a +\&\fBfunctional\fR reference. This kind of reference can be considered a +specialised form of structural reference, because each functional reference +implicitly contains a structural reference as well \- however to avoid +difficult-to-find programming bugs, it is recommended to treat the two +kinds of reference independantly. If you have a functional reference to an +\&\s-1ENGINE\s0, you have a guarantee that the \s-1ENGINE\s0 has been initialised ready to +perform cryptographic operations and will not be uninitialised or cleaned +up until after you have released your reference. +.PP +We will discuss the two kinds of reference separately, including how to +tell which one you are dealing with at any given point in time (after all +they are both simply (\s-1ENGINE\s0 *) pointers, the difference is in the way they +are used). +.PP +\&\fIStructural references\fR +.PP +This basic type of reference is typically used for creating new ENGINEs +dynamically, iterating across OpenSSL's internal linked-list of loaded +ENGINEs, reading information about an \s-1ENGINE\s0, etc. Essentially a structural +reference is sufficient if you only need to query or manipulate the data of +an \s-1ENGINE\s0 implementation rather than use its functionality. +.PP +The \fIENGINE_new()\fR function returns a structural reference to a new (empty) +\&\s-1ENGINE\s0 object. Other than that, structural references come from return +values to various \s-1ENGINE\s0 \s-1API\s0 functions such as; \fIENGINE_by_id()\fR, +\&\fIENGINE_get_first()\fR, \fIENGINE_get_last()\fR, \fIENGINE_get_next()\fR, +\&\fIENGINE_get_prev()\fR. All structural references should be released by a +corresponding to call to the \fIENGINE_free()\fR function \- the \s-1ENGINE\s0 object +itself will only actually be cleaned up and deallocated when the last +structural reference is released. +.PP +It should also be noted that many \s-1ENGINE\s0 \s-1API\s0 function calls that accept a +structural reference will internally obtain another reference \- typically +this happens whenever the supplied \s-1ENGINE\s0 will be needed by OpenSSL after +the function has returned. Eg. the function to add a new \s-1ENGINE\s0 to +OpenSSL's internal list is \fIENGINE_add()\fR \- if this function returns success, +then OpenSSL will have stored a new structural reference internally so the +caller is still responsible for freeing their own reference with +\&\fIENGINE_free()\fR when they are finished with it. In a similar way, some +functions will automatically release the structural reference passed to it +if part of the function's job is to do so. Eg. the \fIENGINE_get_next()\fR and +\&\fIENGINE_get_prev()\fR functions are used for iterating across the internal +\&\s-1ENGINE\s0 list \- they will return a new structural reference to the next (or +previous) \s-1ENGINE\s0 in the list or \s-1NULL\s0 if at the end (or beginning) of the +list, but in either case the structural reference passed to the function is +released on behalf of the caller. +.PP +To clarify a particular function's handling of references, one should +always consult that function's documentation \*(L"man\*(R" page, or failing that +the openssl/engine.h header file includes some hints. +.PP +\&\fIFunctional references\fR +.PP +As mentioned, functional references exist when the cryptographic +functionality of an \s-1ENGINE\s0 is required to be available. A functional +reference can be obtained in one of two ways; from an existing structural +reference to the required \s-1ENGINE\s0, or by asking OpenSSL for the default +operational \s-1ENGINE\s0 for a given cryptographic purpose. +.PP +To obtain a functional reference from an existing structural reference, +call the \fIENGINE_init()\fR function. This returns zero if the \s-1ENGINE\s0 was not +already operational and couldn't be successfully initialised (eg. lack of +system drivers, no special hardware attached, etc), otherwise it will +return non-zero to indicate that the \s-1ENGINE\s0 is now operational and will +have allocated a new \fBfunctional\fR reference to the \s-1ENGINE\s0. In this case, +the supplied \s-1ENGINE\s0 pointer is, from the point of the view of the caller, +both a structural reference and a functional reference \- so if the caller +intends to use it as a functional reference it should free the structural +reference with \fIENGINE_free()\fR first. If the caller wishes to use it only as +a structural reference (eg. if the \fIENGINE_init()\fR call was simply to test if +the \s-1ENGINE\s0 seems available/online), then it should free the functional +reference; all functional references are released by the \fIENGINE_finish()\fR +function. +.PP +The second way to get a functional reference is by asking OpenSSL for a +default implementation for a given task, eg. by \fIENGINE_get_default_RSA()\fR, +\&\fIENGINE_get_default_cipher_engine()\fR, etc. These are discussed in the next +section, though they are not usually required by application programmers as +they are used automatically when creating and using the relevant +algorithm-specific types in OpenSSL, such as \s-1RSA\s0, \s-1DSA\s0, \s-1EVP_CIPHER_CTX\s0, etc. +.Sh "Default implementations" +.IX Subsection "Default implementations" +For each supported abstraction, the \s-1ENGINE\s0 code maintains an internal table +of state to control which implementations are available for a given +abstraction and which should be used by default. These implementations are +registered in the tables separated-out by an 'nid' index, because +abstractions like \s-1EVP_CIPHER\s0 and \s-1EVP_DIGEST\s0 support many distinct +algorithms and modes \- ENGINEs will support different numbers and +combinations of these. In the case of other abstractions like \s-1RSA\s0, \s-1DSA\s0, +etc, there is only one \*(L"algorithm\*(R" so all implementations implicitly +register using the same 'nid' index. ENGINEs can be \fBregistered\fR into +these tables to make themselves available for use automatically by the +various abstractions, eg. \s-1RSA\s0. For illustrative purposes, we continue with +the \s-1RSA\s0 example, though all comments apply similarly to the other +abstractions (they each get their own table and linkage to the +corresponding section of openssl code). +.PP +When a new \s-1RSA\s0 key is being created, ie. in \fIRSA_new_method()\fR, a +\&\*(L"get_default\*(R" call will be made to the \s-1ENGINE\s0 subsystem to process the \s-1RSA\s0 +state table and return a functional reference to an initialised \s-1ENGINE\s0 +whose \s-1RSA_METHOD\s0 should be used. If no \s-1ENGINE\s0 should (or can) be used, it +will return \s-1NULL\s0 and the \s-1RSA\s0 key will operate with a \s-1NULL\s0 \s-1ENGINE\s0 handle by +using the conventional \s-1RSA\s0 implementation in OpenSSL (and will from then on +behave the way it used to before the \s-1ENGINE\s0 \s-1API\s0 existed \- for details see +RSA_new_method(3)). +.PP +Each state table has a flag to note whether it has processed this +\&\*(L"get_default\*(R" query since the table was last modified, because to process +this question it must iterate across all the registered ENGINEs in the +table trying to initialise each of them in turn, in case one of them is +operational. If it returns a functional reference to an \s-1ENGINE\s0, it will +also cache another reference to speed up processing future queries (without +needing to iterate across the table). Likewise, it will cache a \s-1NULL\s0 +response if no \s-1ENGINE\s0 was available so that future queries won't repeat the +same iteration unless the state table changes. This behaviour can also be +changed; if the \s-1ENGINE_TABLE_FLAG_NOINIT\s0 flag is set (using +\&\fIENGINE_set_table_flags()\fR), no attempted initialisations will take place, +instead the only way for the state table to return a non-NULL \s-1ENGINE\s0 to the +\&\*(L"get_default\*(R" query will be if one is expressly set in the table. Eg. +\&\fIENGINE_set_default_RSA()\fR does the same job as \fIENGINE_register_RSA()\fR except +that it also sets the state table's cached response for the \*(L"get_default\*(R" +query. +.PP +In the case of abstractions like \s-1EVP_CIPHER\s0, where implementations are +indexed by 'nid', these flags and cached-responses are distinct for each +\&'nid' value. +.PP +It is worth illustrating the difference between \*(L"registration\*(R" of ENGINEs +into these per-algorithm state tables and using the alternative +\&\*(L"set_default\*(R" functions. The latter handles both \*(L"registration\*(R" and also +setting the cached \*(L"default\*(R" \s-1ENGINE\s0 in each relevant state table \- so +registered ENGINEs will only have a chance to be initialised for use as a +default if a default \s-1ENGINE\s0 wasn't already set for the same state table. +Eg. if \s-1ENGINE\s0 X supports cipher nids {A,B} and \s-1RSA\s0, \s-1ENGINE\s0 Y supports +ciphers {A} and \s-1DSA\s0, and the following code is executed; +.PP +.Vb 7 +\& ENGINE_register_complete(X); +\& ENGINE_set_default(Y, ENGINE_METHOD_ALL); +\& e1 = ENGINE_get_default_RSA(); +\& e2 = ENGINE_get_cipher_engine(A); +\& e3 = ENGINE_get_cipher_engine(B); +\& e4 = ENGINE_get_default_DSA(); +\& e5 = ENGINE_get_cipher_engine(C); +.Ve +The results would be as follows; +.PP +.Vb 5 +\& assert(e1 == X); +\& assert(e2 == Y); +\& assert(e3 == X); +\& assert(e4 == Y); +\& assert(e5 == NULL); +.Ve +.Sh "Application requirements" +.IX Subsection "Application requirements" +This section will explain the basic things an application programmer should +support to make the most useful elements of the \s-1ENGINE\s0 functionality +available to the user. The first thing to consider is whether the +programmer wishes to make alternative \s-1ENGINE\s0 modules available to the +application and user. OpenSSL maintains an internal linked list of +\&\*(L"visible\*(R" ENGINEs from which it has to operate \- at start-up, this list is +empty and in fact if an application does not call any \s-1ENGINE\s0 \s-1API\s0 calls and +it uses static linking against openssl, then the resulting application +binary will not contain any alternative \s-1ENGINE\s0 code at all. So the first +consideration is whether any/all available \s-1ENGINE\s0 implementations should be +made visible to OpenSSL \- this is controlled by calling the various \*(L"load\*(R" +functions, eg. +.PP +.Vb 9 +\& /* Make the "dynamic" ENGINE available */ +\& void ENGINE_load_dynamic(void); +\& /* Make the CryptoSwift hardware acceleration support available */ +\& void ENGINE_load_cswift(void); +\& /* Make support for nCipher's "CHIL" hardware available */ +\& void ENGINE_load_chil(void); +\& ... +\& /* Make ALL ENGINE implementations bundled with OpenSSL available */ +\& void ENGINE_load_builtin_engines(void); +.Ve +Having called any of these functions, \s-1ENGINE\s0 objects would have been +dynamically allocated and populated with these implementations and linked +into OpenSSL's internal linked list. At this point it is important to +mention an important \s-1API\s0 function; +.PP +.Vb 1 +\& void ENGINE_cleanup(void); +.Ve +If no \s-1ENGINE\s0 \s-1API\s0 functions are called at all in an application, then there +are no inherent memory leaks to worry about from the \s-1ENGINE\s0 functionality, +however if any ENGINEs are \*(L"load\*(R"ed, even if they are never registered or +used, it is necessary to use the \fIENGINE_cleanup()\fR function to +correspondingly cleanup before program exit, if the caller wishes to avoid +memory leaks. This mechanism uses an internal callback registration table +so that any \s-1ENGINE\s0 \s-1API\s0 functionality that knows it requires cleanup can +register its cleanup details to be called during \fIENGINE_cleanup()\fR. This +approach allows \fIENGINE_cleanup()\fR to clean up after any \s-1ENGINE\s0 functionality +at all that your program uses, yet doesn't automatically create linker +dependencies to all possible \s-1ENGINE\s0 functionality \- only the cleanup +callbacks required by the functionality you do use will be required by the +linker. +.PP +The fact that ENGINEs are made visible to OpenSSL (and thus are linked into +the program and loaded into memory at run-time) does not mean they are +\&\*(L"registered\*(R" or called into use by OpenSSL automatically \- that behaviour +is something for the application to have control over. Some applications +will want to allow the user to specify exactly which \s-1ENGINE\s0 they want used +if any is to be used at all. Others may prefer to load all support and have +OpenSSL automatically use at run-time any \s-1ENGINE\s0 that is able to +successfully initialise \- ie. to assume that this corresponds to +acceleration hardware attached to the machine or some such thing. There are +probably numerous other ways in which applications may prefer to handle +things, so we will simply illustrate the consequences as they apply to a +couple of simple cases and leave developers to consider these and the +source code to openssl's builtin utilities as guides. +.PP +\&\fIUsing a specific \s-1ENGINE\s0 implementation\fR +.PP +Here we'll assume an application has been configured by its user or admin +to want to use the \*(L"\s-1ACME\s0\*(R" \s-1ENGINE\s0 if it is available in the version of +OpenSSL the application was compiled with. If it is available, it should be +used by default for all \s-1RSA\s0, \s-1DSA\s0, and symmetric cipher operation, otherwise +OpenSSL should use its builtin software as per usual. The following code +illustrates how to approach this; +.PP +.Vb 22 +\& ENGINE *e; +\& const char *engine_id = "ACME"; +\& ENGINE_load_builtin_engines(); +\& e = ENGINE_by_id(engine_id); +\& if(!e) +\& /* the engine isn't available */ +\& return; +\& if(!ENGINE_init(e)) { +\& /* the engine couldn't initialise, release 'e' */ +\& ENGINE_free(e); +\& return; +\& } +\& if(!ENGINE_set_default_RSA(e)) +\& /* This should only happen when 'e' can't initialise, but the previous +\& * statement suggests it did. */ +\& abort(); +\& ENGINE_set_default_DSA(e); +\& ENGINE_set_default_ciphers(e); +\& /* Release the functional reference from ENGINE_init() */ +\& ENGINE_finish(e); +\& /* Release the structural reference from ENGINE_by_id() */ +\& ENGINE_free(e); +.Ve +\&\fIAutomatically using builtin \s-1ENGINE\s0 implementations\fR +.PP +Here we'll assume we want to load and register all \s-1ENGINE\s0 implementations +bundled with OpenSSL, such that for any cryptographic algorithm required by +OpenSSL \- if there is an \s-1ENGINE\s0 that implements it and can be initialise, +it should be used. The following code illustrates how this can work; +.PP +.Vb 4 +\& /* Load all bundled ENGINEs into memory and make them visible */ +\& ENGINE_load_builtin_engines(); +\& /* Register all of them for every algorithm they collectively implement */ +\& ENGINE_register_all_complete(); +.Ve +That's all that's required. Eg. the next time OpenSSL tries to set up an +\&\s-1RSA\s0 key, any bundled ENGINEs that implement \s-1RSA_METHOD\s0 will be passed to +\&\fIENGINE_init()\fR and if any of those succeed, that \s-1ENGINE\s0 will be set as the +default for use with \s-1RSA\s0 from then on. +.Sh "Advanced configuration support" +.IX Subsection "Advanced configuration support" +There is a mechanism supported by the \s-1ENGINE\s0 framework that allows each +\&\s-1ENGINE\s0 implementation to define an arbitrary set of configuration +\&\*(L"commands\*(R" and expose them to OpenSSL and any applications based on +OpenSSL. This mechanism is entirely based on the use of name-value pairs +and and assumes \s-1ASCII\s0 input (no unicode or \s-1UTF\s0 for now!), so it is ideal if +applications want to provide a transparent way for users to provide +arbitrary configuration \*(L"directives\*(R" directly to such ENGINEs. It is also +possible for the application to dynamically interrogate the loaded \s-1ENGINE\s0 +implementations for the names, descriptions, and input flags of their +available \*(L"control commands\*(R", providing a more flexible configuration +scheme. However, if the user is expected to know which \s-1ENGINE\s0 device he/she +is using (in the case of specialised hardware, this goes without saying) +then applications may not need to concern themselves with discovering the +supported control commands and simply prefer to allow settings to passed +into ENGINEs exactly as they are provided by the user. +.PP +Before illustrating how control commands work, it is worth mentioning what +they are typically used for. Broadly speaking there are two uses for +control commands; the first is to provide the necessary details to the +implementation (which may know nothing at all specific to the host system) +so that it can be initialised for use. This could include the path to any +driver or config files it needs to load, required network addresses, +smart-card identifiers, passwords to initialise password-protected devices, +logging information, etc etc. This class of commands typically needs to be +passed to an \s-1ENGINE\s0 \fBbefore\fR attempting to initialise it, ie. before +calling \fIENGINE_init()\fR. The other class of commands consist of settings or +operations that tweak certain behaviour or cause certain operations to take +place, and these commands may work either before or after \fIENGINE_init()\fR, or +in same cases both. \s-1ENGINE\s0 implementations should provide indications of +this in the descriptions attached to builtin control commands and/or in +external product documentation. +.PP +\&\fIIssuing control commands to an \s-1ENGINE\s0\fR +.PP +Let's illustrate by example; a function for which the caller supplies the +name of the \s-1ENGINE\s0 it wishes to use, a table of string-pairs for use before +initialisation, and another table for use after initialisation. Note that +the string-pairs used for control commands consist of a command \*(L"name\*(R" +followed by the command \*(L"parameter\*(R" \- the parameter could be \s-1NULL\s0 in some +cases but the name can not. This function should initialise the \s-1ENGINE\s0 +(issuing the \*(L"pre\*(R" commands beforehand and the \*(L"post\*(R" commands afterwards) +and set it as the default for everything except \s-1RAND\s0 and then return a +boolean success or failure. +.PP +.Vb 36 +\& int generic_load_engine_fn(const char *engine_id, +\& const char **pre_cmds, int pre_num, +\& const char **post_cmds, int post_num) +\& { +\& ENGINE *e = ENGINE_by_id(engine_id); +\& if(!e) return 0; +\& while(pre_num--) { +\& if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s - %s:%s)\en", engine_id, +\& pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)"); +\& ENGINE_free(e); +\& return 0; +\& } +\& pre_cmds += 2; +\& } +\& if(!ENGINE_init(e)) { +\& fprintf(stderr, "Failed initialisation\en"); +\& ENGINE_free(e); +\& return 0; +\& } +\& /* ENGINE_init() returned a functional reference, so free the structural +\& * reference from ENGINE_by_id(). */ +\& ENGINE_free(e); +\& while(post_num--) { +\& if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) { +\& fprintf(stderr, "Failed command (%s - %s:%s)\en", engine_id, +\& post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)"); +\& ENGINE_finish(e); +\& return 0; +\& } +\& post_cmds += 2; +\& } +\& ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND); +\& /* Success */ +\& return 1; +\& } +.Ve +Note that \fIENGINE_ctrl_cmd_string()\fR accepts a boolean argument that can +relax the semantics of the function \- if set non-zero it will only return +failure if the \s-1ENGINE\s0 supported the given command name but failed while +executing it, if the \s-1ENGINE\s0 doesn't support the command name it will simply +return success without doing anything. In this case we assume the user is +only supplying commands specific to the given \s-1ENGINE\s0 so we set this to +\&\s-1FALSE\s0. +.PP +\&\fIDiscovering supported control commands\fR +.PP +It is possible to discover at run-time the names, numerical-ids, descriptions +and input parameters of the control commands supported from a structural +reference to any \s-1ENGINE\s0. It is first important to note that some control +commands are defined by OpenSSL itself and it will intercept and handle these +control commands on behalf of the \s-1ENGINE\s0, ie. the \s-1ENGINE\s0's \fIctrl()\fR handler is not +used for the control command. openssl/engine.h defines a symbol, +\&\s-1ENGINE_CMD_BASE\s0, that all control commands implemented by ENGINEs from. Any +command value lower than this symbol is considered a \*(L"generic\*(R" command is +handled directly by the OpenSSL core routines. +.PP +It is using these \*(L"core\*(R" control commands that one can discover the the control +commands implemented by a given \s-1ENGINE\s0, specifically the commands; +.PP +.Vb 9 +\& #define ENGINE_HAS_CTRL_FUNCTION 10 +\& #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 +\& #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 +\& #define ENGINE_CTRL_GET_CMD_FROM_NAME 13 +\& #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 +\& #define ENGINE_CTRL_GET_NAME_FROM_CMD 15 +\& #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 +\& #define ENGINE_CTRL_GET_DESC_FROM_CMD 17 +\& #define ENGINE_CTRL_GET_CMD_FLAGS 18 +.Ve +Whilst these commands are automatically processed by the OpenSSL framework code, +they use various properties exposed by each \s-1ENGINE\s0 by which to process these +queries. An \s-1ENGINE\s0 has 3 properties it exposes that can affect this behaviour; +it can supply a \fIctrl()\fR handler, it can specify \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 in +the \s-1ENGINE\s0's flags, and it can expose an array of control command descriptions. +If an \s-1ENGINE\s0 specifies the \s-1ENGINE_FLAGS_MANUAL_CMD_CTRL\s0 flag, then it will +simply pass all these \*(L"core\*(R" control commands directly to the \s-1ENGINE\s0's \fIctrl()\fR +handler (and thus, it must have supplied one), so it is up to the \s-1ENGINE\s0 to +reply to these \*(L"discovery\*(R" commands itself. If that flag is not set, then the +OpenSSL framework code will work with the following rules; +.PP +.Vb 9 +\& if no ctrl() handler supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero), +\& all other commands fail. +\& if a ctrl() handler was supplied but no array of control commands; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands fail. +\& if a ctrl() handler and array of control commands was supplied; +\& ENGINE_HAS_CTRL_FUNCTION returns TRUE, +\& all other commands proceed processing ... +.Ve +If the \s-1ENGINE\s0's array of control commands is empty then all other commands will +fail, otherwise; \s-1ENGINE_CTRL_GET_FIRST_CMD_TYPE\s0 returns the identifier of +the first command supported by the \s-1ENGINE\s0, \s-1ENGINE_GET_NEXT_CMD_TYPE\s0 takes the +identifier of a command supported by the \s-1ENGINE\s0 and returns the next command +identifier or fails if there are no more, \s-1ENGINE_CMD_FROM_NAME\s0 takes a string +name for a command and returns the corresponding identifier or fails if no such +command name exists, and the remaining commands take a command identifier and +return properties of the corresponding commands. All except +\&\s-1ENGINE_CTRL_GET_FLAGS\s0 return the string length of a command name or description, +or populate a supplied character buffer with a copy of the command name or +description. \s-1ENGINE_CTRL_GET_FLAGS\s0 returns a bitwise-OR'd mask of the following +possible values; +.PP +.Vb 4 +\& #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 +\& #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 +\& #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 +\& #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 +.Ve +If the \s-1ENGINE_CMD_FLAG_INTERNAL\s0 flag is set, then any other flags are purely +informational to the caller \- this flag will prevent the command being usable +for any higher-level \s-1ENGINE\s0 functions such as \fIENGINE_ctrl_cmd_string()\fR. +\&\*(L"\s-1INTERNAL\s0\*(R" commands are not intended to be exposed to text-based configuration +by applications, administrations, users, etc. These can support arbitrary +operations via \fIENGINE_ctrl()\fR, including passing to and/or from the control +commands data of any arbitrary type. These commands are supported in the +discovery mechanisms simply to allow applications determinie if an \s-1ENGINE\s0 +supports certain specific commands it might want to use (eg. application \*(L"foo\*(R" +might query various ENGINEs to see if they implement \*(L"\s-1FOO_GET_VENDOR_LOGO_GIF\s0\*(R" \- +and \s-1ENGINE\s0 could therefore decide whether or not to support this \*(L"foo\*(R"\-specific +extension). +.Sh "Future developments" +.IX Subsection "Future developments" +The \s-1ENGINE\s0 \s-1API\s0 and internal architecture is currently being reviewed. Slated for +possible release in 0.9.8 is support for transparent loading of \*(L"dynamic\*(R" +ENGINEs (built as self-contained shared-libraries). This would allow \s-1ENGINE\s0 +implementations to be provided independantly of OpenSSL libraries and/or +OpenSSL-based applications, and would also remove any requirement for +applications to explicitly use the \*(L"dynamic\*(R" \s-1ENGINE\s0 to bind to shared-library +implementations. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rsa(3), dsa(3), dh(3), rand(3), +RSA_new_method(3) diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3 index bd76dd7..22599ed 100644 --- a/secure/lib/libcrypto/man/err.3 +++ b/secure/lib/libcrypto/man/err.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:04 2002 +.\" Mon Jan 13 19:29:19 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "err 3" -.TH err 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH err 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" err \- error codes diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3 index dae3c82..d50439f 100644 --- a/secure/lib/libcrypto/man/evp.3 +++ b/secure/lib/libcrypto/man/evp.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:05 2002 +.\" Mon Jan 13 19:29:20 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "evp 3" -.TH evp 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH evp 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" evp \- high-level cryptographic functions @@ -162,6 +162,13 @@ Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI...\fR functions. The \fBEVP_Digest\fR\fI...\fR functions provide message digests. .PP Algorithms are loaded with \fIOpenSSL_add_all_algorithms\fR\|(3). +.PP +All the symmetric algorithms (ciphers) and digests can be replaced by \s-1ENGINE\s0 +modules providing alternative implementations. If \s-1ENGINE\s0 implementations of +ciphers or digests are registered as defaults, then the various \s-1EVP\s0 functions +will automatically use those implementations automatically in preference to +built in software implementations. For more information, consult the \fIengine\fR\|(3) +man page. .SH "SEE ALSO" .IX Header "SEE ALSO" EVP_DigestInit(3), @@ -170,4 +177,5 @@ EVP_OpenInit(3), EVP_SealInit(3), EVP_SignInit(3), EVP_VerifyInit(3), -OpenSSL_add_all_algorithms(3) +OpenSSL_add_all_algorithms(3), +engine(3) diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3 index c62de63..27eeff8 100644 --- a/secure/lib/libcrypto/man/hmac.3 +++ b/secure/lib/libcrypto/man/hmac.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:06 2002 +.\" Mon Jan 13 19:29:21 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "hmac 3" -.TH hmac 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH hmac 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1HMAC\s0, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- \s-1HMAC\s0 message @@ -153,13 +153,19 @@ authentication code \& int key_len, const unsigned char *d, int n, \& unsigned char *md, unsigned int *md_len); .Ve -.Vb 4 +.Vb 1 +\& void HMAC_CTX_init(HMAC_CTX *ctx); +.Ve +.Vb 6 \& void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, \& const EVP_MD *md); +\& void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md); \& void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); \& void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); .Ve -.Vb 1 +.Vb 2 +\& void HMAC_CTX_cleanup(HMAC_CTX *ctx); \& void HMAC_cleanup(HMAC_CTX *ctx); .Ve .SH "DESCRIPTION" @@ -181,13 +187,31 @@ the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. \&\fBkey\fR and \fBevp_md\fR may be \fB\s-1NULL\s0\fR if a key and hash function have been set in a previous call to \fIHMAC_Init()\fR for that \fB\s-1HMAC_CTX\s0\fR. .PP -\&\fIHMAC_cleanup()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR. +\&\fIHMAC_CTX_init()\fR initialises a \fB\s-1HMAC_CTX\s0\fR before first use. It must be +called. +.PP +\&\fIHMAC_CTX_cleanup()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR +and releases any associated resources. It must be called when an +\&\fB\s-1HMAC_CTX\s0\fR is no longer required. +.PP +\&\fIHMAC_cleanup()\fR is an alias for \fIHMAC_CTX_cleanup()\fR included for back +compatibility with 0.9.6b, it is deprecated. .PP The following functions may be used if the message is not completely stored in memory: .PP \&\fIHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash -function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes long. +function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes +long. It is deprecated and only included for backward compatibility +with OpenSSL 0.9.6b. +.PP +\&\fIHMAC_Init_ex()\fR initializes or reuses a \fB\s-1HMAC_CTX\s0\fR structure to use +the function \fBevp_md\fR and key \fBkey\fR. Either can be \s-1NULL\s0, in which +case the existing one will be reused. \fIHMAC_CTX_init()\fR must have been +called before the first use of an \fB\s-1HMAC_CTX\s0\fR in this +function. \fBN.B. \f(BIHMAC_Init()\fB had this undocumented behaviour in +previous versions of OpenSSL \- failure to switch to \f(BIHMAC_Init_ex()\fB in +programs that expect it will cause them to stop working\fR. .PP \&\fIHMAC_Update()\fR can be called repeatedly with chunks of the message to be authenticated (\fBlen\fR bytes at \fBdata\fR). @@ -198,8 +222,8 @@ must have space for the hash function output. .IX Header "RETURN VALUES" \&\fIHMAC()\fR returns a pointer to the message authentication code. .PP -\&\fIHMAC_Init()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and \fIHMAC_cleanup()\fR do not -return values. +\&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and +\&\fIHMAC_CTX_cleanup()\fR do not return values. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1RFC\s0 2104 @@ -210,3 +234,6 @@ sha(3), evp(3) .IX Header "HISTORY" \&\fIHMAC()\fR, \fIHMAC_Init()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and \fIHMAC_cleanup()\fR are available since SSLeay 0.9.0. +.PP +\&\fIHMAC_CTX_init()\fR, \fIHMAC_Init_ex()\fR and \fIHMAC_CTX_cleanup()\fR are available +since OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3 index 44645f0..aeb26e2 100644 --- a/secure/lib/libcrypto/man/lh_stats.3 +++ b/secure/lib/libcrypto/man/lh_stats.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:06 2002 +.\" Mon Jan 13 19:29:22 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "lh_stats 3" -.TH lh_stats 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH lh_stats 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio, diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3 index e5ee467..f698fce 100644 --- a/secure/lib/libcrypto/man/lhash.3 +++ b/secure/lib/libcrypto/man/lhash.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:07 2002 +.\" Mon Jan 13 19:29:23 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,19 +138,17 @@ .\" ====================================================================== .\" .IX Title "lhash 3" -.TH lhash 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH lhash 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" -lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, -lh_doall_arg, lh_error \- dynamic hash table +lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error \- dynamic hash table .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/lhash.h> .Ve -.Vb 3 -\& LHASH *lh_new(unsigned long (*hash)(/*void *a*/), -\& int (*compare)(/*void *a,void *b*/)); +.Vb 2 +\& LHASH *lh_new(LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE compare); \& void lh_free(LHASH *table); .Ve .Vb 3 @@ -159,29 +157,102 @@ lh_doall_arg, lh_error \- dynamic hash table \& void *lh_retrieve(LHASH *table, void *data); .Ve .Vb 3 -\& void lh_doall(LHASH *table, void (*func)(/*void *b*/)); -\& void lh_doall_arg(LHASH *table, void (*func)(/*void *a,void *b*/), +\& void lh_doall(LHASH *table, LHASH_DOALL_FN_TYPE func); +\& void lh_doall_arg(LHASH *table, LHASH_DOALL_ARG_FN_TYPE func, \& void *arg); .Ve .Vb 1 \& int lh_error(LHASH *table); .Ve +.Vb 4 +\& typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); +\& typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); +\& typedef void (*LHASH_DOALL_FN_TYPE)(const void *); +\& typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" This library implements dynamic hash tables. The hash table entries can be arbitrary structures. Usually they consist of key and value fields. .PP -\&\fIlh_new()\fR creates a new \fB\s-1LHASH\s0\fR structure. \fBhash\fR takes a pointer to -the structure and returns an unsigned long hash value of its key -field. The hash value is normally truncated to a power of 2, so make -sure that your hash function returns well mixed low order -bits. \fBcompare\fR takes two arguments, and returns 0 if their keys are -equal, non-zero otherwise. +\&\fIlh_new()\fR creates a new \fB\s-1LHASH\s0\fR structure to store arbitrary data +entries, and provides the 'hash' and 'compare' callbacks to be used in +organising the table's entries. The \fBhash\fR callback takes a pointer +to a table entry as its argument and returns an unsigned long hash +value for its key field. The hash value is normally truncated to a +power of 2, so make sure that your hash function returns well mixed +low order bits. The \fBcompare\fR callback takes two arguments (pointers +to two hash table entries), and returns 0 if their keys are equal, +non-zero otherwise. If your hash table will contain items of some +particular type and the \fBhash\fR and \fBcompare\fR callbacks hash/compare +these types, then the \fB\s-1DECLARE_LHASH_HASH_FN\s0\fR and +\&\fB\s-1IMPLEMENT_LHASH_COMP_FN\s0\fR macros can be used to create callback +wrappers of the prototypes required by \fIlh_new()\fR. These provide +per-variable casts before calling the type-specific callbacks written +by the application author. These macros, as well as those used for +the \*(L"doall\*(R" callbacks, are defined as; +.PP +.Vb 7 +\& #define DECLARE_LHASH_HASH_FN(f_name,o_type) \e +\& unsigned long f_name##_LHASH_HASH(const void *); +\& #define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \e +\& unsigned long f_name##_LHASH_HASH(const void *arg) { \e +\& o_type a = (o_type)arg; \e +\& return f_name(a); } +\& #define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH +.Ve +.Vb 8 +\& #define DECLARE_LHASH_COMP_FN(f_name,o_type) \e +\& int f_name##_LHASH_COMP(const void *, const void *); +\& #define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \e +\& int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \e +\& o_type a = (o_type)arg1; \e +\& o_type b = (o_type)arg2; \e +\& return f_name(a,b); } +\& #define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP +.Ve +.Vb 7 +\& #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \e +\& void f_name##_LHASH_DOALL(const void *); +\& #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \e +\& void f_name##_LHASH_DOALL(const void *arg) { \e +\& o_type a = (o_type)arg; \e +\& f_name(a); } +\& #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL +.Ve +.Vb 8 +\& #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \e +\& void f_name##_LHASH_DOALL_ARG(const void *, const void *); +\& #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \e +\& void f_name##_LHASH_DOALL_ARG(const void *arg1, const void *arg2) { \e +\& o_type a = (o_type)arg1; \e +\& a_type b = (a_type)arg2; \e +\& f_name(a,b); } +\& #define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG +.Ve +An example of a hash table storing (pointers to) structures of type '\s-1STUFF\s0' +could be defined as follows; .PP +.Vb 14 +\& /* Calculates the hash value of 'tohash' (implemented elsewhere) */ +\& unsigned long STUFF_hash(const STUFF *tohash); +\& /* Orders 'arg1' and 'arg2' (implemented elsewhere) */ +\& int STUFF_cmp(const STUFF *arg1, const STUFF *arg2); +\& /* Create the type-safe wrapper functions for use in the LHASH internals */ +\& static IMPLEMENT_LHASH_HASH_FN(STUFF_hash, const STUFF *) +\& static IMPLEMENT_LHASH_COMP_FN(STUFF_cmp, const STUFF *); +\& /* ... */ +\& int main(int argc, char *argv[]) { +\& /* Create the new hash table using the hash/compare wrappers */ +\& LHASH *hashtable = lh_new(LHASH_HASH_FN(STUFF_hash), +\& LHASH_COMP_FN(STUFF_cmp)); +\& /* ... */ +\& } +.Ve \&\fIlh_free()\fR frees the \fB\s-1LHASH\s0\fR structure \fBtable\fR. Allocated hash table entries will not be freed; consider using \fIlh_doall()\fR to deallocate any -remaining entries in the hash table. +remaining entries in the hash table (see below). .PP \&\fIlh_insert()\fR inserts the structure pointed to by \fBdata\fR into \fBtable\fR. If there already is an entry with the same key, the old value is @@ -195,23 +266,55 @@ a structure with the key \fIfield\fR\|(s) set; the function will return a pointer to a fully populated structure. .PP \&\fIlh_doall()\fR will, for every entry in the hash table, call \fBfunc\fR with -the data item as parameters. -This function can be quite useful when used as follows: - void cleanup(\s-1STUFF\s0 *a) - { \fISTUFF_free\fR\|(a); } - lh_doall(hash,cleanup); - lh_free(hash); -This can be used to free all the entries. \fIlh_free()\fR then cleans up the -\&'buckets' that point to nothing. When doing this, be careful if you -delete entries from the hash table in \fBfunc\fR: the table may decrease -in size, moving item that you are currently on down lower in the hash -table. This could cause some entries to be skipped. The best -solution to this problem is to set hash->down_load=0 before you -start. This will stop the hash table ever being decreased in size. +the data item as its parameter. For \fIlh_doall()\fR and \fIlh_doall_arg()\fR, +function pointer casting should be avoided in the callbacks (see +\&\fB\s-1NOTE\s0\fR) \- instead, either declare the callbacks to match the +prototype required in \fIlh_new()\fR or use the declare/implement macros to +create type-safe wrappers that cast variables prior to calling your +type-specific callbacks. An example of this is illustrated here where +the callback is used to cleanup resources for items in the hash table +prior to the hashtable itself being deallocated: .PP -\&\fIlh_doall_arg()\fR is the same as \fIlh_doall()\fR except that \fBfunc\fR will -be called with \fBarg\fR as the second argument. +.Vb 9 +\& /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */ +\& void STUFF_cleanup(STUFF *a); +\& /* Implement a prototype-compatible wrapper for "STUFF_cleanup" */ +\& IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF *) +\& /* ... then later in the code ... */ +\& /* So to run "STUFF_cleanup" against all items in a hash table ... */ +\& lh_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup)); +\& /* Then the hash table itself can be deallocated */ +\& lh_free(hashtable); +.Ve +When doing this, be careful if you delete entries from the hash table +in your callbacks: the table may decrease in size, moving the item +that you are currently on down lower in the hash table \- this could +cause some entries to be skipped during the iteration. The second +best solution to this problem is to set hash->down_load=0 before +you start (which will stop the hash table ever decreasing in size). +The best solution is probably to avoid deleting items from the hash +table inside a \*(L"doall\*(R" callback! +.PP +\&\fIlh_doall_arg()\fR is the same as \fIlh_doall()\fR except that \fBfunc\fR will be +called with \fBarg\fR as the second argument and \fBfunc\fR should be of +type \fB\s-1LHASH_DOALL_ARG_FN_TYPE\s0\fR (a callback prototype that is passed +both the table entry and an extra argument). As with \fIlh_doall()\fR, you +can instead choose to declare your callback with a prototype matching +the types you are dealing with and use the declare/implement macros to +create compatible wrappers that cast variables before calling your +type-specific callbacks. An example of this is demonstrated here +(printing all hash table entries to a \s-1BIO\s0 that is provided by the +caller): .PP +.Vb 7 +\& /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */ +\& void STUFF_print(const STUFF *a, BIO *output_bio); +\& /* Implement a prototype-compatible wrapper for "STUFF_print" */ +\& static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF_print, const STUFF *, BIO *) +\& /* ... then later in the code ... */ +\& /* Print out the entire hashtable to a particular BIO */ +\& lh_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), logging_bio); +.Ve \&\fIlh_error()\fR can be used to determine if an error occurred in the last operation. \fIlh_error()\fR is a macro. .SH "RETURN VALUES" @@ -232,6 +335,44 @@ there is no such value in the hash table. otherwise. .PP \&\fIlh_free()\fR, \fIlh_doall()\fR and \fIlh_doall_arg()\fR return no values. +.SH "NOTE" +.IX Header "NOTE" +The various \s-1LHASH\s0 macros and callback types exist to make it possible +to write type-safe code without resorting to function-prototype +casting \- an evil that makes application code much harder to +audit/verify and also opens the window of opportunity for stack +corruption and other hard-to-find bugs. It also, apparently, violates +\&\s-1ANSI-C\s0. +.PP +The \s-1LHASH\s0 code regards table entries as constant data. As such, it +internally represents \fIlh_insert()\fR'd items with a \*(L"const void *\*(R" +pointer type. This is why callbacks such as those used by \fIlh_doall()\fR +and \fIlh_doall_arg()\fR declare their prototypes with \*(L"const\*(R", even for the +parameters that pass back the table items' data pointers \- for +consistency, user-provided data is \*(L"const\*(R" at all times as far as the +\&\s-1LHASH\s0 code is concerned. However, as callers are themselves providing +these pointers, they can choose whether they too should be treating +all such parameters as constant. +.PP +As an example, a hash table may be maintained by code that, for +reasons of encapsulation, has only \*(L"const\*(R" access to the data being +indexed in the hash table (ie. it is returned as \*(L"const\*(R" from +elsewhere in their code) \- in this case the \s-1LHASH\s0 prototypes are +appropriate as-is. Conversely, if the caller is responsible for the +life-time of the data in question, then they may well wish to make +modifications to table item passed back in the \fIlh_doall()\fR or +\&\fIlh_doall_arg()\fR callbacks (see the \*(L"STUFF_cleanup\*(R" example above). If +so, the caller can either cast the \*(L"const\*(R" away (if they're providing +the raw callbacks themselves) or use the macros to declare/implement +the wrapper functions without \*(L"const\*(R" types. +.PP +Callers that only have \*(L"const\*(R" access to data they're indexing in a +table, yet declare callbacks without constant types (or cast the +\&\*(L"const\*(R" away themselves), are therefore creating their own risks/bugs +without being encouraged to do so by the \s-1API\s0. On a related note, +those auditing code should pay special attention to any instances of +DECLARE/IMPLEMENT_LHASH_DOALL_[\s-1ARG_\s0]_FN macros that provide types +without any \*(L"const\*(R" qualifiers. .SH "BUGS" .IX Header "BUGS" \&\fIlh_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. @@ -271,7 +412,7 @@ generating hashes that are the same for different values. It is probably worth changing your hash function if this is the case because even if your hash table has 10 items in a 'bucket', it can be searched with 10 \fBunsigned long\fR compares and 10 linked list traverses. This -will be much less expensive that 10 calls to you compare function. +will be much less expensive that 10 calls to your compare function. .PP \&\fIlh_strhash()\fR is a demo string hashing function: .PP @@ -290,3 +431,8 @@ The \fBlhash\fR library is available in all versions of SSLeay and OpenSSL. \&\fIlh_error()\fR was added in SSLeay 0.9.1b. .PP This manpage is derived from the SSLeay documentation. +.PP +In OpenSSL 0.9.7, all lhash functions that were passed function pointers +were changed for better type safety, and the function types \s-1LHASH_COMP_FN_TYPE\s0, +\&\s-1LHASH_HASH_FN_TYPE\s0, \s-1LHASH_DOALL_FN_TYPE\s0 and \s-1LHASH_DOALL_ARG_FN_TYPE\s0 +became available. diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3 index c69001a..efa0053 100644 --- a/secure/lib/libcrypto/man/md5.3 +++ b/secure/lib/libcrypto/man/md5.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:07 2002 +.\" Mon Jan 13 19:29:24 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "md5 3" -.TH md5 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH md5 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1MD2\s0, \s-1MD4\s0, \s-1MD5\s0, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3 index b553403..703af80 100644 --- a/secure/lib/libcrypto/man/mdc2.3 +++ b/secure/lib/libcrypto/man/mdc2.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:08 2002 +.\" Mon Jan 13 19:29:26 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "mdc2 3" -.TH mdc2 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH mdc2 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1MDC2\s0, MDC2_Init, MDC2_Update, MDC2_Final \- \s-1MDC2\s0 hash function diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3 new file mode 100644 index 0000000..6a61612 --- /dev/null +++ b/secure/lib/libcrypto/man/pem.3 @@ -0,0 +1,689 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:27 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "pem 3" +.TH pem 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +\&\s-1PEM\s0 \- \s-1PEM\s0 routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/pem.h> +.Ve +.Vb 2 +\& EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, +\& char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x); +\& int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x); +.Ve +.Vb 2 +\& RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x); +.Ve +.Vb 1 +\& int PEM_write_RSAPublicKey(FILE *fp, RSA *x); +.Ve +.Vb 2 +\& RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x); +.Ve +.Vb 1 +\& int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x); +.Ve +.Vb 2 +\& DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, +\& unsigned char *kstr, int klen, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x); +.Ve +.Vb 1 +\& int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x); +.Ve +.Vb 1 +\& DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_DSAparams(BIO *bp, DSA *x); +.Ve +.Vb 1 +\& int PEM_write_DSAparams(FILE *fp, DSA *x); +.Ve +.Vb 1 +\& DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_DHparams(BIO *bp, DH *x); +.Ve +.Vb 1 +\& int PEM_write_DHparams(FILE *fp, DH *x); +.Ve +.Vb 1 +\& X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_X509(BIO *bp, X509 *x); +.Ve +.Vb 1 +\& int PEM_write_X509(FILE *fp, X509 *x); +.Ve +.Vb 1 +\& X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_X509_AUX(BIO *bp, X509 *x); +.Ve +.Vb 1 +\& int PEM_write_X509_AUX(FILE *fp, X509 *x); +.Ve +.Vb 2 +\& X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 2 +\& X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x); +.Ve +.Vb 1 +\& int PEM_write_X509_REQ(FILE *fp, X509_REQ *x); +.Ve +.Vb 1 +\& int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x); +.Ve +.Vb 1 +\& int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x); +.Ve +.Vb 6 +\& X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x, +\& pem_password_cb *cb, void *u); +\& int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x); +\& int PEM_write_X509_CRL(FILE *fp, X509_CRL *x); +.Ve +.Vb 1 +\& PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x); +.Ve +.Vb 1 +\& int PEM_write_PKCS7(FILE *fp, PKCS7 *x); +.Ve +.Vb 3 +\& NETSCAPE_CERT_SEQUENCE *PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, +\& NETSCAPE_CERT_SEQUENCE **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 3 +\& NETSCAPE_CERT_SEQUENCE *PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp, +\& NETSCAPE_CERT_SEQUENCE **x, +\& pem_password_cb *cb, void *u); +.Ve +.Vb 1 +\& int PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE *x); +.Ve +.Vb 1 +\& int PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1PEM\s0 functions read or write structures in \s-1PEM\s0 format. In +this sense \s-1PEM\s0 format is simply base64 encoded data surrounded +by header lines. +.PP +For more details about the meaning of arguments see the +\&\fB\s-1PEM\s0 \s-1FUNCTION\s0 \s-1ARGUMENTS\s0\fR section. +.PP +Each operation has four functions associated with it. For +clarity the term "\fBfoobar\fR functions" will be used to collectively +refer to the \fIPEM_read_bio_foobar()\fR, \fIPEM_read_foobar()\fR, +\&\fIPEM_write_bio_foobar()\fR and \fIPEM_write_foobar()\fR functions. +.PP +The \fBPrivateKey\fR functions read or write a private key in +\&\s-1PEM\s0 format using an \s-1EVP_PKEY\s0 structure. The write routines use +\&\*(L"traditional\*(R" private key format and can handle both \s-1RSA\s0 and \s-1DSA\s0 +private keys. The read functions can additionally transparently +handle PKCS#8 format encrypted and unencrypted keys too. +.PP +\&\fIPEM_write_bio_PKCS8PrivateKey()\fR and \fIPEM_write_PKCS8PrivateKey()\fR +write a private key in an \s-1EVP_PKEY\s0 structure in PKCS#8 +EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption +algorithms. The \fBcipher\fR argument specifies the encryption algoritm to +use: unlike all other \s-1PEM\s0 routines the encryption is applied at the +PKCS#8 level and not in the \s-1PEM\s0 headers. If \fBcipher\fR is \s-1NULL\s0 then no +encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead. +.PP +\&\fIPEM_write_bio_PKCS8PrivateKey_nid()\fR and \fIPEM_write_PKCS8PrivateKey_nid()\fR +also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however +it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm +to use is specified in the \fBnid\fR parameter and should be the \s-1NID\s0 of the +corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 (see \s-1NOTES\s0 section). +.PP +The \fB\s-1PUBKEY\s0\fR functions process a public key using an \s-1EVP_PKEY\s0 +structure. The public key is encoded as a SubjectPublicKeyInfo +structure. +.PP +The \fBRSAPrivateKey\fR functions process an \s-1RSA\s0 private key using an +\&\s-1RSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1RSA\s0. +.PP +The \fBRSAPublicKey\fR functions process an \s-1RSA\s0 public key using an +\&\s-1RSA\s0 structure. The public key is encoded using a PKCS#1 RSAPublicKey +structure. +.PP +The \fB\s-1RSA_PUBKEY\s0\fR functions also process an \s-1RSA\s0 public key using +an \s-1RSA\s0 structure. However the public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1RSA\s0. +.PP +The \fBDSAPrivateKey\fR functions process a \s-1DSA\s0 private key using a +\&\s-1DSA\s0 structure. It handles the same formats as the \fBPrivateKey\fR +functions but an error occurs if the private key is not \s-1DSA\s0. +.PP +The \fB\s-1DSA_PUBKEY\s0\fR functions process a \s-1DSA\s0 public key using +a \s-1DSA\s0 structure. The public key is encoded using a +SubjectPublicKeyInfo structure and an error occurs if the public +key is not \s-1DSA\s0. +.PP +The \fBDSAparams\fR functions process \s-1DSA\s0 parameters using a \s-1DSA\s0 +structure. The parameters are encoded using a foobar structure. +.PP +The \fBDHparams\fR functions process \s-1DH\s0 parameters using a \s-1DH\s0 +structure. The parameters are encoded using a PKCS#3 DHparameter +structure. +.PP +The \fBX509\fR functions process an X509 certificate using an X509 +structure. They will also process a trusted X509 certificate but +any trust settings are discarded. +.PP +The \fBX509_AUX\fR functions process a trusted X509 certificate using +an X509 structure. +.PP +The \fBX509_REQ\fR and \fBX509_REQ_NEW\fR functions process a PKCS#10 +certificate request using an X509_REQ structure. The \fBX509_REQ\fR +write functions use \fB\s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR in the header whereas +the \fBX509_REQ_NEW\fR functions use \fB\s-1NEW\s0 \s-1CERTIFICATE\s0 \s-1REQUEST\s0\fR +(as required by some CAs). The \fBX509_REQ\fR read functions will +handle either form so there are no \fBX509_REQ_NEW\fR read functions. +.PP +The \fBX509_CRL\fR functions process an X509 \s-1CRL\s0 using an X509_CRL +structure. +.PP +The \fB\s-1PKCS7\s0\fR functions process a PKCS#7 ContentInfo using a \s-1PKCS7\s0 +structure. +.PP +The \fB\s-1NETSCAPE_CERT_SEQUENCE\s0\fR functions process a Netscape Certificate +Sequence using a \s-1NETSCAPE_CERT_SEQUENCE\s0 structure. +.SH "PEM FUNCTION ARGUMENTS" +.IX Header "PEM FUNCTION ARGUMENTS" +The \s-1PEM\s0 functions have many common arguments. +.PP +The \fBbp\fR \s-1BIO\s0 parameter (if present) specifies the \s-1BIO\s0 to read from +or write to. +.PP +The \fBfp\fR \s-1FILE\s0 parameter (if present) specifies the \s-1FILE\s0 pointer to +read from or write to. +.PP +The \s-1PEM\s0 read functions all take an argument \fB\s-1TYPE\s0 **x\fR and return +a \fB\s-1TYPE\s0 *\fR pointer. Where \fB\s-1TYPE\s0\fR is whatever structure the function +uses. If \fBx\fR is \s-1NULL\s0 then the parameter is ignored. If \fBx\fR is not +\&\s-1NULL\s0 but \fB*x\fR is \s-1NULL\s0 then the structure returned will be written +to \fB*x\fR. If neither \fBx\fR nor \fB*x\fR is \s-1NULL\s0 then an attempt is made +to reuse the structure at \fB*x\fR (but see \s-1BUGS\s0 and \s-1EXAMPLES\s0 sections). +Irrespective of the value of \fBx\fR a pointer to the structure is always +returned (or \s-1NULL\s0 if an error occurred). +.PP +The \s-1PEM\s0 functions which write private keys take an \fBenc\fR parameter +which specifies the encryption algorithm to use, encryption is done +at the \s-1PEM\s0 level. If this parameter is set to \s-1NULL\s0 then the private +key is written in unencrypted form. +.PP +The \fBcb\fR argument is the callback to use when querying for the pass +phrase used for encrypted \s-1PEM\s0 structures (normally only private keys). +.PP +For the \s-1PEM\s0 write routines if the \fBkstr\fR parameter is not \s-1NULL\s0 then +\&\fBklen\fR bytes at \fBkstr\fR are used as the passphrase and \fBcb\fR is +ignored. +.PP +If the \fBcb\fR parameters is set to \s-1NULL\s0 and the \fBu\fR parameter is not +\&\s-1NULL\s0 then the \fBu\fR parameter is interpreted as a null terminated string +to use as the passphrase. If both \fBcb\fR and \fBu\fR are \s-1NULL\s0 then the +default callback routine is used which will typically prompt for the +passphrase on the current terminal with echoing turned off. +.PP +The default passphrase callback is sometimes inappropriate (for example +in a \s-1GUI\s0 application) so an alternative can be supplied. The callback +routine has the following form: +.PP +.Vb 1 +\& int cb(char *buf, int size, int rwflag, void *u); +.Ve +\&\fBbuf\fR is the buffer to write the passphrase to. \fBsize\fR is the maximum +length of the passphrase (i.e. the size of buf). \fBrwflag\fR is a flag +which is set to 0 when reading and 1 when writing. A typical routine +will ask the user to verify the passphrase (for example by prompting +for it twice) if \fBrwflag\fR is 1. The \fBu\fR parameter has the same +value as the \fBu\fR parameter passed to the \s-1PEM\s0 routine. It allows +arbitrary data to be passed to the callback by the application +(for example a window handle in a \s-1GUI\s0 application). The callback +\&\fBmust\fR return the number of characters in the passphrase or 0 if +an error occurred. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Although the \s-1PEM\s0 routines take several arguments in almost all applications +most of them are set to 0 or \s-1NULL\s0. +.PP +Read a certificate in \s-1PEM\s0 format from a \s-1BIO:\s0 +.PP +.Vb 6 +\& X509 *x; +\& x = PEM_read_bio(bp, NULL, 0, NULL); +\& if (x == NULL) +\& { +\& /* Error */ +\& } +.Ve +Alternative method: +.PP +.Vb 5 +\& X509 *x = NULL; +\& if (!PEM_read_bio_X509(bp, &x, 0, NULL)) +\& { +\& /* Error */ +\& } +.Ve +Write a certificate to a \s-1BIO:\s0 +.PP +.Vb 4 +\& if (!PEM_write_bio_X509(bp, x)) +\& { +\& /* Error */ +\& } +.Ve +Write an unencrypted private key to a \s-1FILE\s0 pointer: +.PP +.Vb 4 +\& if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) +\& { +\& /* Error */ +\& } +.Ve +Write a private key (using traditional format) to a \s-1BIO\s0 using +triple \s-1DES\s0 encryption, the pass phrase is prompted for: +.PP +.Vb 4 +\& if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL)) +\& { +\& /* Error */ +\& } +.Ve +Write a private key (using PKCS#8 format) to a \s-1BIO\s0 using triple +\&\s-1DES\s0 encryption, using the pass phrase \*(L"hello\*(R": +.PP +.Vb 4 +\& if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello")) +\& { +\& /* Error */ +\& } +.Ve +Read a private key from a \s-1BIO\s0 using the pass phrase \*(L"hello\*(R": +.PP +.Vb 5 +\& key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello"); +\& if (key == NULL) +\& { +\& /* Error */ +\& } +.Ve +Read a private key from a \s-1BIO\s0 using a pass phrase callback: +.PP +.Vb 5 +\& key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); +\& if (key == NULL) +\& { +\& /* Error */ +\& } +.Ve +Skeleton pass phrase callback: +.PP +.Vb 6 +\& int pass_cb(char *buf, int size, int rwflag, void *u); +\& { +\& int len; +\& char *tmp; +\& /* We'd probably do something else if 'rwflag' is 1 */ +\& printf("Enter pass phrase for \e"%s\e"\en", u); +.Ve +.Vb 3 +\& /* get pass phrase, length 'len' into 'tmp' */ +\& tmp = "hello"; +\& len = strlen(tmp); +.Ve +.Vb 6 +\& if (len <= 0) return 0; +\& /* if too long, truncate */ +\& if (len > size) len = size; +\& memcpy(buf, tmp, len); +\& return len; +\& } +.Ve +.SH "NOTES" +.IX Header "NOTES" +The old \fBPrivateKey\fR write routines are retained for compatibility. +New applications should write private keys using the +\&\fIPEM_write_bio_PKCS8PrivateKey()\fR or \fIPEM_write_PKCS8PrivateKey()\fR routines +because they are more secure (they use an iteration count of 2048 whereas +the traditional routines use a count of 1) unless compatibility with older +versions of OpenSSL is important. +.PP +The \fBPrivateKey\fR read routines can be used in all applications because +they handle all formats transparently. +.PP +A frequent cause of problems is attempting to use the \s-1PEM\s0 routines like +this: +.PP +.Vb 2 +\& X509 *x; +\& PEM_read_bio_X509(bp, &x, 0, NULL); +.Ve +this is a bug because an attempt will be made to reuse the data at \fBx\fR +which is an uninitialised pointer. +.SH "PEM ENCRYPTION FORMAT" +.IX Header "PEM ENCRYPTION FORMAT" +This old \fBPrivateKey\fR routines use a non standard technique for encryption. +.PP +The private key (or other data) takes the following form: +.PP +.Vb 3 +\& -----BEGIN RSA PRIVATE KEY----- +\& Proc-Type: 4,ENCRYPTED +\& DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89 +.Ve +.Vb 2 +\& ...base64 encoded data... +\& -----END RSA PRIVATE KEY----- +.Ve +The line beginning DEK-Info contains two comma separated pieces of information: +the encryption algorithm name as used by \fIEVP_get_cipherbyname()\fR and an 8 +byte \fBsalt\fR encoded as a set of hexadecimal digits. +.PP +After this is the base64 encoded encrypted data. +.PP +The encryption key is determined using \fIEVP_bytestokey()\fR, using \fBsalt\fR and an +iteration count of 1. The \s-1IV\s0 used is the value of \fBsalt\fR and *not* the \s-1IV\s0 +returned by \fIEVP_bytestokey()\fR. +.SH "BUGS" +.IX Header "BUGS" +The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse +an existing structure. Therefore the following: +.PP +.Vb 1 +\& PEM_read_bio(bp, &x, 0, NULL); +.Ve +where \fBx\fR already contains a valid certificate, may not work, whereas: +.PP +.Vb 2 +\& X509_free(x); +\& x = PEM_read_bio(bp, NULL, 0, NULL); +.Ve +is guaranteed to work. +.SH "RETURN CODES" +.IX Header "RETURN CODES" +The read routines return either a pointer to the structure read or \s-1NULL\s0 +is an error occurred. +.PP +The write routines return 1 for success or 0 for failure. diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3 index 6f211bf..8010fbb 100644 --- a/secure/lib/libcrypto/man/rand.3 +++ b/secure/lib/libcrypto/man/rand.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:09 2002 +.\" Mon Jan 13 19:29:28 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "rand 3" -.TH rand 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH rand 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" rand \- pseudo-random number generator @@ -147,15 +147,17 @@ rand \- pseudo-random number generator .Vb 1 \& #include <openssl/rand.h> .Ve +.Vb 1 +\& int RAND_set_rand_engine(ENGINE *engine); +.Ve .Vb 2 \& int RAND_bytes(unsigned char *buf, int num); \& int RAND_pseudo_bytes(unsigned char *buf, int num); .Ve -.Vb 4 +.Vb 3 \& void RAND_seed(const void *buf, int num); \& void RAND_add(const void *buf, int num, int entropy); \& int RAND_status(void); -\& void RAND_screen(void); .Ve .Vb 3 \& int RAND_load_file(const char *file, long max_bytes); @@ -166,15 +168,33 @@ rand \- pseudo-random number generator \& int RAND_egd(const char *path); .Ve .Vb 3 -\& void RAND_set_rand_method(RAND_METHOD *meth); -\& RAND_METHOD *RAND_get_rand_method(void); +\& void RAND_set_rand_method(const RAND_METHOD *meth); +\& const RAND_METHOD *RAND_get_rand_method(void); \& RAND_METHOD *RAND_SSLeay(void); .Ve .Vb 1 \& void RAND_cleanup(void); .Ve +.Vb 3 +\& /* For Win32 only */ +\& void RAND_screen(void); +\& int RAND_event(UINT, WPARAM, LPARAM); +.Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" +Since the introduction of the \s-1ENGINE\s0 \s-1API\s0, the recommended way of controlling +default implementations is by using the \s-1ENGINE\s0 \s-1API\s0 functions. The default +\&\fB\s-1RAND_METHOD\s0\fR, as set by \fIRAND_set_rand_method()\fR and returned by +\&\fIRAND_get_rand_method()\fR, is only used if no \s-1ENGINE\s0 has been set as the default +\&\*(L"rand\*(R" implementation. Hence, these two functions are no longer the recommened +way to control defaults. +.PP +If an alternative \fB\s-1RAND_METHOD\s0\fR implementation is being used (either set +directly or as provided by an \s-1ENGINE\s0 module), then it is entirely responsible +for the generation and management of a cryptographically secure \s-1PRNG\s0 stream. The +mechanisms described below relate solely to the software \s-1PRNG\s0 implementation +built in to OpenSSL and used by default. +.PP These functions implement a cryptographically secure pseudo-random number generator (\s-1PRNG\s0). It is used by other library functions for example to generate random keys, and applications can use it when they diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3 index 8ff5347..6f9c522 100644 --- a/secure/lib/libcrypto/man/rc4.3 +++ b/secure/lib/libcrypto/man/rc4.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:09 2002 +.\" Mon Jan 13 19:29:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "rc4 3" -.TH rc4 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH rc4 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" RC4_set_key, \s-1RC4\s0 \- \s-1RC4\s0 encryption diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3 index a8ba8e2..507da0c 100644 --- a/secure/lib/libcrypto/man/ripemd.3 +++ b/secure/lib/libcrypto/man/ripemd.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:10 2002 +.\" Mon Jan 13 19:29:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ripemd 3" -.TH ripemd 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH ripemd 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1RIPEMD160\s0, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3 index 1667d44..4cb1a27 100644 --- a/secure/lib/libcrypto/man/rsa.3 +++ b/secure/lib/libcrypto/man/rsa.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:10 2002 +.\" Mon Jan 13 19:29:32 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,24 +138,29 @@ .\" ====================================================================== .\" .IX Title "rsa 3" -.TH rsa 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH rsa 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" rsa \- \s-1RSA\s0 public key cryptosystem .SH "SYNOPSIS" .IX Header "SYNOPSIS" -.Vb 1 +.Vb 2 \& #include <openssl/rsa.h> +\& #include <openssl/engine.h> .Ve .Vb 2 \& RSA * RSA_new(void); \& void RSA_free(RSA *rsa); .Ve -.Vb 4 +.Vb 8 \& int RSA_public_encrypt(int flen, unsigned char *from, \& unsigned char *to, RSA *rsa, int padding); \& int RSA_private_decrypt(int flen, unsigned char *from, \& unsigned char *to, RSA *rsa, int padding); +\& int RSA_private_encrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa,int padding); +\& int RSA_public_decrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa,int padding); .Ve .Vb 4 \& int RSA_sign(int type, unsigned char *m, unsigned int m_len, @@ -164,7 +169,7 @@ rsa \- \s-1RSA\s0 public key cryptosystem \& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); .Ve .Vb 1 -\& int RSA_size(RSA *rsa); +\& int RSA_size(const RSA *rsa); .Ve .Vb 2 \& RSA *RSA_generate_key(int num, unsigned long e, @@ -177,16 +182,15 @@ rsa \- \s-1RSA\s0 public key cryptosystem \& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); \& void RSA_blinding_off(RSA *rsa); .Ve -.Vb 9 -\& void RSA_set_default_method(RSA_METHOD *meth); -\& RSA_METHOD *RSA_get_default_method(void); -\& RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); -\& RSA_METHOD *RSA_get_method(RSA *rsa); +.Vb 8 +\& void RSA_set_default_method(const RSA_METHOD *meth); +\& const RSA_METHOD *RSA_get_default_method(void); +\& int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); +\& const RSA_METHOD *RSA_get_method(const RSA *rsa); \& RSA_METHOD *RSA_PKCS1_SSLeay(void); -\& RSA_METHOD *RSA_PKCS1_RSAref(void); \& RSA_METHOD *RSA_null_method(void); -\& int RSA_flags(RSA *rsa); -\& RSA *RSA_new_method(RSA_METHOD *method); +\& int RSA_flags(const RSA *rsa); +\& RSA *RSA_new_method(ENGINE *engine); .Ve .Vb 2 \& int RSA_print(BIO *bp, RSA *x, int offset); @@ -198,12 +202,6 @@ rsa \- \s-1RSA\s0 public key cryptosystem \& int RSA_set_ex_data(RSA *r,int idx,char *arg); \& char *RSA_get_ex_data(RSA *r, int idx); .Ve -.Vb 4 -\& int RSA_private_encrypt(int flen, unsigned char *from, -\& unsigned char *to, RSA *rsa,int padding); -\& int RSA_public_decrypt(int flen, unsigned char *from, -\& unsigned char *to, RSA *rsa,int padding); -.Ve .Vb 6 \& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, \& unsigned int m_len, unsigned char *sigret, unsigned int *siglen, @@ -241,6 +239,14 @@ In public keys, the private exponent and the related secret values are \&\fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR may be \fB\s-1NULL\s0\fR in private keys, but the \s-1RSA\s0 operations are much faster when these values are available. +.PP +Note that \s-1RSA\s0 keys may use non-standard \fB\s-1RSA_METHOD\s0\fR implementations, +either directly or by the use of \fB\s-1ENGINE\s0\fR modules. In some cases (eg. an +\&\s-1ENGINE\s0 providing support for hardware-embedded keys), these \s-1BIGNUM\s0 values +will not be used by the implementation or may be used for alternative data +storage. For this reason, applications should generally avoid using \s-1RSA\s0 +structure elements directly and instead use \s-1API\s0 functions to query or +modify keys. .SH "CONFORMING TO" .IX Header "CONFORMING TO" \&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 @@ -250,7 +256,7 @@ available. .SH "SEE ALSO" .IX Header "SEE ALSO" rsa(1), bn(3), dsa(3), dh(3), -rand(3), RSA_new(3), +rand(3), engine(3), RSA_new(3), RSA_public_encrypt(3), RSA_sign(3), RSA_size(3), RSA_generate_key(3), diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3 index 332f583..349f228 100644 --- a/secure/lib/libcrypto/man/sha.3 +++ b/secure/lib/libcrypto/man/sha.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:11 2002 +.\" Mon Jan 13 19:29:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "sha 3" -.TH sha 3 "0.9.6e" "2000-04-13" "OpenSSL" +.TH sha 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1SHA1\s0, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3 index e3c28bc..8f9f3d0 100644 --- a/secure/lib/libcrypto/man/threads.3 +++ b/secure/lib/libcrypto/man/threads.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:12 2002 +.\" Mon Jan 13 19:29:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "threads 3" -.TH threads 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH threads 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks, @@ -200,7 +200,7 @@ OpenSSL can safely be used in multi-threaded applications provided that at least two callback functions are set. .PP locking_function(int mode, int n, const char *file, int line) is -needed to perform locking on shared data structures. +needed to perform locking on shared data structures. (Note that OpenSSL uses a number of global data structures that will be implicitly shared whenever multiple threads use OpenSSL.) Multi-threaded applications will crash at random if it is not set. diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3 new file mode 100644 index 0000000..3acf313 --- /dev/null +++ b/secure/lib/libcrypto/man/ui.3 @@ -0,0 +1,339 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:35 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ui 3" +.TH ui 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string, +UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean, +UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string, +UI_add_error_string, UI_dup_error_string, UI_construct_prompt +UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process, +UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method, +UI_set_method, UI_OpenSSL, ERR_load_UI_strings \- New User Interface +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ui.h> +.Ve +.Vb 2 +\& typedef struct ui_st UI; +\& typedef struct ui_method_st UI_METHOD; +.Ve +.Vb 3 +\& UI *UI_new(void); +\& UI *UI_new_method(const UI_METHOD *method); +\& void UI_free(UI *ui); +.Ve +.Vb 18 +\& int UI_add_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_dup_input_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize); +\& int UI_add_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, const char *test_buf); +\& int UI_dup_verify_string(UI *ui, const char *prompt, int flags, +\& char *result_buf, int minsize, int maxsize, const char *test_buf); +\& int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, +\& const char *ok_chars, const char *cancel_chars, +\& int flags, char *result_buf); +\& int UI_add_info_string(UI *ui, const char *text); +\& int UI_dup_info_string(UI *ui, const char *text); +\& int UI_add_error_string(UI *ui, const char *text); +\& int UI_dup_error_string(UI *ui, const char *text); +.Ve +.Vb 3 +\& /* These are the possible flags. They can be or'ed together. */ +\& #define UI_INPUT_FLAG_ECHO 0x01 +\& #define UI_INPUT_FLAG_DEFAULT_PWD 0x02 +.Ve +.Vb 2 +\& char *UI_construct_prompt(UI *ui_method, +\& const char *object_desc, const char *object_name); +.Ve +.Vb 2 +\& void *UI_add_user_data(UI *ui, void *user_data); +\& void *UI_get0_user_data(UI *ui); +.Ve +.Vb 1 +\& const char *UI_get0_result(UI *ui, int i); +.Ve +.Vb 1 +\& int UI_process(UI *ui); +.Ve +.Vb 3 +\& int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); +\& #define UI_CTRL_PRINT_ERRORS 1 +\& #define UI_CTRL_IS_REDOABLE 2 +.Ve +.Vb 4 +\& void UI_set_default_method(const UI_METHOD *meth); +\& const UI_METHOD *UI_get_default_method(void); +\& const UI_METHOD *UI_get_method(UI *ui); +\& const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth); +.Ve +.Vb 1 +\& UI_METHOD *UI_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1UI\s0 stands for User Interface, and is general purpose set of routines to +prompt the user for text-based information. Through user-written methods +(see ui_create(3)), prompting can be done in any way +imaginable, be it plain text prompting, through dialog boxes or from a +cell phone. +.PP +All the functions work through a context of the type \s-1UI\s0. This context +contains all the information needed to prompt correctly as well as a +reference to a \s-1UI_METHOD\s0, which is an ordered vector of functions that +carry out the actual prompting. +.PP +The first thing to do is to create a \s-1UI\s0 with \fIUI_new()\fR or \fIUI_new_method()\fR, +then add information to it with the UI_add or UI_dup functions. Also, +user-defined random data can be passed down to the underlying method +through calls to UI_add_user_data. The default \s-1UI\s0 method doesn't care +about these data, but other methods might. Finally, use \fIUI_process()\fR +to actually perform the prompting and \fIUI_get0_result()\fR to find the result +to the prompt. +.PP +A \s-1UI\s0 can contain more than one prompt, which are performed in the given +sequence. Each prompt gets an index number which is returned by the +UI_add and UI_dup functions, and has to be used to get the corresponding +result with \fIUI_get0_result()\fR. +.PP +The functions are as follows: +.PP +\&\fIUI_new()\fR creates a new \s-1UI\s0 using the default \s-1UI\s0 method. When done with +this \s-1UI\s0, it should be freed using \fIUI_free()\fR. +.PP +\&\fIUI_new_method()\fR creates a new \s-1UI\s0 using the given \s-1UI\s0 method. When done with +this \s-1UI\s0, it should be freed using \fIUI_free()\fR. +.PP +\&\fIUI_OpenSSL()\fR returns the built-in \s-1UI\s0 method (note: not the default one, +since the default can be changed. See further on). This method is the +most machine/OS dependent part of OpenSSL and normally generates the +most problems when porting. +.PP +\&\fIUI_free()\fR removes a \s-1UI\s0 from memory, along with all other pieces of memory +that's connected to it, like duplicated input strings, results and others. +.PP +\&\fIUI_add_input_string()\fR and \fIUI_add_verify_string()\fR add a prompt to the \s-1UI\s0, +as well as flags and a result buffer and the desired minimum and maximum +sizes of the result. The given information is used to prompt for +information, for example a password, and to verify a password (i.e. having +the user enter it twice and check that the same string was entered twice). +\&\fIUI_add_verify_string()\fR takes and extra argument that should be a pointer +to the result buffer of the input string that it's supposed to verify, or +verification will fail. +.PP +\&\fIUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered +in a boolean way, with a single character for yes and a different character +for no. A set of characters that can be used to cancel the prompt is given +as well. The prompt itself is really divided in two, one part being the +descriptive text (given through the \fIprompt\fR argument) and one describing +the possible answers (given through the \fIaction_desc\fR argument). +.PP +\&\fIUI_add_info_string()\fR and \fIUI_add_error_string()\fR add strings that are shown at +the same time as the prompt for extra information or to show an error string. +The difference between the two is only conceptual. With the builtin method, +there's no technical difference between them. Other methods may make a +difference between them, however. +.PP +The flags currently supported are \s-1UI_INPUT_FLAG_ECHO\s0, which is relevant for +\&\fIUI_add_input_string()\fR and will have the users response be echoed (when +prompting for a password, this flag should obviously not be used, and +\&\s-1UI_INPUT_FLAG_DEFAULT_PWD\s0, which means that a default password of some +sort will be used (completely depending on the application and the \s-1UI\s0 +method). +.PP +\&\fIUI_dup_input_string()\fR, \fIUI_dup_verify_string()\fR, \fIUI_dup_input_boolean()\fR, +\&\fIUI_dup_info_string()\fR and \fIUI_dup_error_string()\fR are basically the same +as their UI_add counterparts, except that they make their own copies +of all strings. +.PP +\&\fIUI_construct_prompt()\fR is a helper function that can be used to create +a prompt from two pieces of information: an description and a name. +The default constructor (if there is none provided by the method used) +creates a string "Enter \fIdescription\fR for \fIname\fR:\*(L". With the +description \*(R"pass phrase\*(L" and the file name \*(R"foo.key\*(L", that becomes +\&\*(R"Enter pass phrase for foo.key:". Other methods may create whatever +string and may include encodings that will be processed by the other +method functions. +.PP +\&\fIUI_add_user_data()\fR adds a piece of memory for the method to use at any +time. The builtin \s-1UI\s0 method doesn't care about this info. Note that several +calls to this function doesn't add data, it replaces the previous blob +with the one given as argument. +.PP +\&\fIUI_get0_user_data()\fR retrieves the data that has last been given to the +\&\s-1UI\s0 with \fIUI_add_user_data()\fR. +.PP +\&\fIUI_get0_result()\fR returns a pointer to the result buffer associated with +the information indexed by \fIi\fR. +.PP +\&\fIUI_process()\fR goes through the information given so far, does all the printing +and prompting and returns. +.PP +\&\fIUI_ctrl()\fR adds extra control for the application author. For now, it +understands two commands: \s-1UI_CTRL_PRINT_ERRORS\s0, which makes \fIUI_process()\fR +print the OpenSSL error stack as part of processing the \s-1UI\s0, and +\&\s-1UI_CTRL_IS_REDOABLE\s0, which returns a flag saying if the used \s-1UI\s0 can +be used again or not. +.PP +\&\fIUI_set_default_method()\fR changes the default \s-1UI\s0 method to the one given. +.PP +\&\fIUI_get_default_method()\fR returns a pointer to the current default \s-1UI\s0 method. +.PP +\&\fIUI_get_method()\fR returns the \s-1UI\s0 method associated with a given \s-1UI\s0. +.PP +\&\fIUI_set_method()\fR changes the \s-1UI\s0 method associated with a given \s-1UI\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ui_create(3), ui_compat(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \s-1UI\s0 section was first introduced in OpenSSL 0.9.7. +.SH "AUTHOR" +.IX Header "AUTHOR" +Richard Levitte (richard@levitte.org) for the OpenSSL project +(http://www.openssl.org). diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3 new file mode 100644 index 0000000..aafe7e4 --- /dev/null +++ b/secure/lib/libcrypto/man/ui_compat.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:29:36 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ui_compat 3" +.TH ui_compat 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw \- +Compatibility user interface functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 3 +\& int des_read_password(DES_cblock *key,const char *prompt,int verify); +\& int des_read_2passwords(DES_cblock *key1,DES_cblock *key2, +\& const char *prompt,int verify); +.Ve +.Vb 2 +\& int des_read_pw_string(char *buf,int length,const char *prompt,int verify); +\& int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1DES\s0 library contained a few routines to prompt for passwords. These +aren't necessarely dependent on \s-1DES\s0, and have therefore become part of the +\&\s-1UI\s0 compatibility library. +.PP +\&\fIdes_read_pw()\fR writes the string specified by \fIprompt\fR to standard output +turns echo off and reads an input string from the terminal. The string is +returned in \fIbuf\fR, which must have spac for at least \fIsize\fR bytes. +If \fIverify\fR is set, the user is asked for the password twice and unless +the two copies match, an error is returned. The second password is stored +in \fIbuff\fR, which must therefore also be at least \fIsize\fR bytes. A return +code of \-1 indicates a system error, 1 failure due to use interaction, and +0 is success. All other functions described here use \fIdes_read_pw()\fR to do +the work. +.PP +\&\fIdes_read_pw_string()\fR is a variant of \fIdes_read_pw()\fR that provides a buffer +for you if \fIverify\fR is set. +.PP +\&\fIdes_read_password()\fR calls \fIdes_read_pw()\fR and converts the password to a +\&\s-1DES\s0 key by calling \fIDES_string_to_key()\fR; \fIdes_read_2password()\fR operates in +the same way as \fIdes_read_password()\fR except that it generates two keys +by using the \fIDES_string_to_2key()\fR function. +.SH "NOTES" +.IX Header "NOTES" +\&\fIdes_read_pw_string()\fR is available in the \s-1MIT\s0 Kerberos library as well, and +is also available under the name \fIEVP_read_pw_string()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ui(3), ui_create(3) +.SH "AUTHOR" +.IX Header "AUTHOR" +Richard Levitte (richard@levitte.org) for the OpenSSL project +(http://www.openssl.org). diff --git a/secure/lib/libcrypto/opensslconf-alpha.h b/secure/lib/libcrypto/opensslconf-alpha.h index bcbfc08..53f7352 100644 --- a/secure/lib/libcrypto/opensslconf-alpha.h +++ b/secure/lib/libcrypto/opensslconf-alpha.h @@ -64,7 +64,7 @@ #endif #endif -#if defined(HEADER_DES_H) && !defined(DES_LONG) +#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/secure/lib/libcrypto/opensslconf-amd64.h b/secure/lib/libcrypto/opensslconf-amd64.h index bcbfc08..53f7352 100644 --- a/secure/lib/libcrypto/opensslconf-amd64.h +++ b/secure/lib/libcrypto/opensslconf-amd64.h @@ -64,7 +64,7 @@ #endif #endif -#if defined(HEADER_DES_H) && !defined(DES_LONG) +#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/secure/lib/libcrypto/opensslconf-i386.h b/secure/lib/libcrypto/opensslconf-i386.h index fc3cf04..48a1e03 100644 --- a/secure/lib/libcrypto/opensslconf-i386.h +++ b/secure/lib/libcrypto/opensslconf-i386.h @@ -64,7 +64,7 @@ #endif #endif -#if defined(HEADER_DES_H) && !defined(DES_LONG) +#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/secure/lib/libcrypto/opensslconf-ia64.h b/secure/lib/libcrypto/opensslconf-ia64.h index bcbfc08..53f7352 100644 --- a/secure/lib/libcrypto/opensslconf-ia64.h +++ b/secure/lib/libcrypto/opensslconf-ia64.h @@ -64,7 +64,7 @@ #endif #endif -#if defined(HEADER_DES_H) && !defined(DES_LONG) +#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/secure/lib/libcrypto/opensslconf-powerpc.h b/secure/lib/libcrypto/opensslconf-powerpc.h index fc3cf04..48a1e03 100644 --- a/secure/lib/libcrypto/opensslconf-powerpc.h +++ b/secure/lib/libcrypto/opensslconf-powerpc.h @@ -64,7 +64,7 @@ #endif #endif -#if defined(HEADER_DES_H) && !defined(DES_LONG) +#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/secure/lib/libcrypto/opensslconf-sparc64.h b/secure/lib/libcrypto/opensslconf-sparc64.h index bcbfc08..53f7352 100644 --- a/secure/lib/libcrypto/opensslconf-sparc64.h +++ b/secure/lib/libcrypto/opensslconf-sparc64.h @@ -64,7 +64,7 @@ #endif #endif -#if defined(HEADER_DES_H) && !defined(DES_LONG) +#if (defined(HEADER_DES_H) || defined(HEADER_NEW_DES_H)) && !defined(DES_LONG) /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG diff --git a/secure/lib/libssl/Makefile b/secure/lib/libssl/Makefile index 22050fb..a75ad79 100644 --- a/secure/lib/libssl/Makefile +++ b/secure/lib/libssl/Makefile @@ -1,23 +1,54 @@ # $FreeBSD$ LIB= ssl -SHLIB_MAJOR= 2 +SHLIB_MAJOR= 3 NOLINT= true +.include "../libcrypto/Makefile.inc" + SRCS= bio_ssl.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c s23_srvr.c \ s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c s2_srvr.c \ s3_both.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \ s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \ ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \ - ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_srvr.o \ + ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_srvr.c -INCS= ssl.h ssl2.h ssl23.h ssl3.h tls1.h -INCSDIR=${INCLUDEDIR}/openssl -HDRS= ${INCS:S;^;../ssl/;} +MAN3= SSL_CIPHER_get_name.3 SSL_COMP_add_compression_method.3 \ + SSL_CTX_add_extra_chain_cert.3 SSL_CTX_add_session.3 SSL_CTX_ctrl.3 \ + SSL_CTX_flush_sessions.3 SSL_CTX_free.3 SSL_CTX_get_ex_new_index.3 \ + SSL_CTX_get_verify_mode.3 SSL_CTX_load_verify_locations.3 \ + SSL_CTX_new.3 SSL_CTX_sess_number.3 SSL_CTX_sess_set_cache_size.3 \ + SSL_CTX_sess_set_get_cb.3 SSL_CTX_sessions.3 SSL_CTX_set_cert_store.3 \ + SSL_CTX_set_cert_verify_callback.3 SSL_CTX_set_cipher_list.3 \ + SSL_CTX_set_client_CA_list.3 SSL_CTX_set_client_cert_cb.3 \ + SSL_CTX_set_default_passwd_cb.3 SSL_CTX_set_generate_session_id.3 \ + SSL_CTX_set_info_callback.3 SSL_CTX_set_max_cert_list.3 \ + SSL_CTX_set_mode.3 SSL_CTX_set_msg_callback.3 SSL_CTX_set_options.3 \ + SSL_CTX_set_quiet_shutdown.3 SSL_CTX_set_session_cache_mode.3 \ + SSL_CTX_set_session_id_context.3 SSL_CTX_set_ssl_version.3 \ + SSL_CTX_set_timeout.3 SSL_CTX_set_tmp_dh_callback.3 \ + SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_set_verify.3 \ + SSL_CTX_use_certificate.3 SSL_SESSION_free.3 \ + SSL_SESSION_get_ex_new_index.3 SSL_SESSION_get_time.3 SSL_accept.3 \ + SSL_alert_type_string.3 SSL_clear.3 SSL_connect.3 SSL_do_handshake.3 \ + SSL_free.3 SSL_get_SSL_CTX.3 SSL_get_ciphers.3 \ + SSL_get_client_CA_list.3 SSL_get_current_cipher.3 \ + SSL_get_default_timeout.3 SSL_get_error.3 \ + SSL_get_ex_data_X509_STORE_CTX_idx.3 SSL_get_ex_new_index.3 \ + SSL_get_fd.3 SSL_get_peer_cert_chain.3 SSL_get_peer_certificate.3 \ + SSL_get_rbio.3 SSL_get_session.3 SSL_get_verify_result.3 \ + SSL_get_version.3 SSL_library_init.3 SSL_load_client_CA_file.3 \ + SSL_new.3 SSL_pending.3 SSL_read.3 SSL_rstate_string.3 \ + SSL_session_reused.3 SSL_set_bio.3 SSL_set_connect_state.3 \ + SSL_set_fd.3 SSL_set_session.3 SSL_set_shutdown.3 \ + SSL_set_verify_result.3 SSL_shutdown.3 SSL_state_string.3 \ + SSL_want.3 SSL_write.3 d2i_SSL_SESSION.3 ssl.3 -.include "../libcrypto/Makefile.inc" - -.PATH: ${LCRYPTO_SRC}/../ssl +INCS= kssl.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h +INCSDIR=${INCLUDEDIR}/openssl .include <bsd.lib.mk> + +.PATH: ${LCRYPTO_SRC}/ssl \ + ${.CURDIR}/man diff --git a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 index 2f25fb8..a8b1303 100644 --- a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 +++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:12 2002 +.\" Mon Jan 13 19:34:25 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_CIPHER_get_name 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties diff --git a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 index df9c0a0..a71b9a8 100644 --- a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:13 2002 +.\" Mon Jan 13 19:34:26 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_COMP_add_compression_method 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 index 6fe189f..b50d3db 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:14 2002 +.\" Mon Jan 13 19:34:27 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_add_extra_chain_cert 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_add_extra_chain_cert \- add certificate to chain diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3 index 8e2bea2..8e36ab4 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_session.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:14 2002 +.\" Mon Jan 13 19:34:28 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_CTX_add_session 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache @@ -176,6 +176,14 @@ stored in a different \s-1SSL_SESSION\s0 object, The old session is removed and replaced by the new session. If the session is actually identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR is a no-op, and the return value is 0. +.PP +If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 +flag then the internal cache will not be populated automatically by new +sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal +cache will be searched automatically for session-resume requests (the +latter can be surpressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the +application can use \fISSL_CTX_add_session()\fR directly to have full control +over the sessions that can be resumed if desired. .SH "RETURN VALUES" .IX Header "RETURN VALUES" The following values are returned by all functions: diff --git a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3 index 58fb374..0a4099c 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 +++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:15 2002 +.\" Mon Jan 13 19:34:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_ctrl 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects @@ -148,11 +148,11 @@ SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal han \& #include <openssl/ssl.h> .Ve .Vb 2 -\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); +\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg); \& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); .Ve .Vb 2 -\& long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg); +\& long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg); \& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); .Ve .SH "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 index 07740f0..e5ff102 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:15 2002 +.\" Mon Jan 13 19:34:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_CTX_flush_sessions 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions diff --git a/secure/lib/libcrypto/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3 index 537d73f..2b69931 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_free.3 +++ b/secure/lib/libssl/man/SSL_CTX_free.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:16 2002 +.\" Mon Jan 13 19:34:30 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_free 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 index 1d5ee3c..c9f37e1 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:17 2002 +.\" Mon Jan 13 19:34:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH SSL_CTX_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 index b4ffd92..69e2496 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:17 2002 +.\" Mon Jan 13 19:34:32 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_CTX_get_verify_mode 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters diff --git a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 index 61ccfea..72d6180 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:18 2002 +.\" Mon Jan 13 19:34:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_load_verify_locations 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0 diff --git a/secure/lib/libcrypto/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3 index 9660af2..8373f64 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_new.3 +++ b/secure/lib/libssl/man/SSL_CTX_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:18 2002 +.\" Mon Jan 13 19:34:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3 index 65efe32..dabce64 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:19 2002 +.\" Mon Jan 13 19:34:35 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_CTX_sess_number 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 index e182791..f09b241 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:20 2002 +.\" Mon Jan 13 19:34:36 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_sess_set_cache_size 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 index c7ecde5..a7193f1 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:20 2002 +.\" Mon Jan 13 19:34:37 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_sess_set_get_cb 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching diff --git a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3 index 19802ef..f60fcaf 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_sessions.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:21 2002 +.\" Mon Jan 13 19:34:38 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_CTX_sessions 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_sessions \- access internal session cache diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 index 82f6f7f..ea9c213 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:21 2002 +.\" Mon Jan 13 19:34:39 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_set_cert_store 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 index a197941..fbba61d 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:22 2002 +.\" Mon Jan 13 19:34:40 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_cert_verify_callback 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure @@ -147,38 +147,36 @@ SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure .Vb 1 \& #include <openssl/ssl.h> .Ve -.Vb 3 -\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(), -\& char *arg); -\& int (*callback)(); +.Vb 1 +\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for -\&\fBctx\fR. \s-1SSL\s0 objects, that are created from \fBctx\fR inherit the setting valid at -the time, SSL_new(3) is called. \fBarg\fR is currently ignored. +\&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at +the time when SSL_new(3) is called. .SH "NOTES" .IX Header "NOTES" Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification function is called. If the application does not explicitly specify a verification callback function, the built-in verification function is used. -If a verification callback \fBcallback\fR is specified via +If a verification callback \fIcallback\fR is specified via \&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called -instead. By setting \fBcallback\fR to \s-1NULL\s0, the default behaviour is restored. +instead. By setting \fIcallback\fR to \s-1NULL\s0, the default behaviour is restored. .PP -When the verification must be performed, \fBcallback\fR will be called with -the argument callback(X509_STORE_CTX *x509_store_ctx). The arguments \fBarg\fR -that can be specified when setting \fBcallback\fR are currently ignored. +When the verification must be performed, \fIcallback\fR will be called with +the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The +argument \fIarg\fR is specified by the application when setting \fIcallback\fR. .PP -\&\fBcallback\fR should return 1 to indicate verification success and 0 to -indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fBcallback\fR +\&\fIcallback\fR should return 1 to indicate verification success and 0 to +indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR returns 0, the handshake will fail. As the verification procedure may allow to continue the connection in case of failure (by always returning 1) the verification result must be set in any case using the \fBerror\fR -member of \fBx509_store_ctx\fR, so that the calling application will be informed +member of \fIx509_store_ctx\fR so that the calling application will be informed about the detailed result of the verification procedure! .PP -Within \fBx509_store_ctx\fR, \fBcallback\fR has access to the \fBverify_callback\fR +Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR function set using SSL_CTX_set_verify(3). .SH "WARNINGS" .IX Header "WARNINGS" @@ -193,11 +191,6 @@ and in most cases it should be sufficient to modify its behaviour using the \fBverify_callback\fR function. .SH "BUGS" .IX Header "BUGS" -It is possible to specify arguments to be passed to the verification callback. -Currently they are however not passed but ignored. -.PP -The \fBcallback\fR function is not specified via a prototype, so that no -type checking takes place. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. @@ -206,3 +199,10 @@ type checking takes place. ssl(3), SSL_CTX_set_verify(3), SSL_get_verify_result(3), SSL_CTX_load_verify_locations(3) +.SH "HISTORY" +.IX Header "HISTORY" +Previous to OpenSSL 0.9.7, the \fIarg\fR argument to \fBSSL_CTX_set_cert_verify_callback\fR +was ignored, and \fIcallback\fR was called simply as + int (*callback)(X509_STORE_CTX *) +To compile software written for previous versions of OpenSSL, a dummy +argument will have to be added to \fIcallback\fR. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 index 96ea953..0fe89b0 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:23 2002 +.\" Mon Jan 13 19:34:41 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_cipher_list 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 index e440c6a..d46da03 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:23 2002 +.\" Mon Jan 13 19:34:42 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH SSL_CTX_set_client_CA_list 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 index a0f450f..73a04c1 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:24 2002 +.\" Mon Jan 13 19:34:43 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_set_client_cert_cb 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 index 402a89d..c165532 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:24 2002 +.\" Mon Jan 13 19:34:44 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_default_passwd_cb 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 new file mode 100644 index 0000000..2eb467d --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 @@ -0,0 +1,288 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:45 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_generate_session_id 3" +.TH SSL_CTX_set_generate_session_id 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of \s-1SSL\s0 session IDs (server only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, +\& unsigned int *id_len); +.Ve +.Vb 4 +\& int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb); +\& int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb); +\& int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, +\& unsigned int id_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBctx\fR to be \fBcb\fR. +.PP +\&\fISSL_set_generate_session_id()\fR sets the callback function for generating +new session ids for \s-1SSL/TLS\s0 sessions for \fBssl\fR to be \fBcb\fR. +.PP +\&\fISSL_has_matching_session_id()\fR checks, whether a session with id \fBid\fR +(of length \fBid_len\fR) is already contained in the internal session cache +of the parent context of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When a new session is established between client and server, the server +generates a session id. The session id is an arbitrary sequence of bytes. +The length of the session id is 16 bytes for SSLv2 sessions and between +1 and 32 bytes for SSLv3/TLSv1. The session id is not security critical +but must be unique for the server. Additionally, the session id is +transmitted in the clear when reusing the session so it must not contain +sensitive information. +.PP +Without a callback being set, an OpenSSL server will generate a unique +session id from pseudo random numbers of the maximum possible length. +Using the callback function, the session id can be changed to contain +additional information like e.g. a host id in order to improve load balancing +or external caching techniques. +.PP +The callback function receives a pointer to the memory location to put +\&\fBid\fR into and a pointer to the maximum allowed length \fBid_len\fR. The +buffer at location \fBid\fR is only guaranteed to have the size \fBid_len\fR. +The callback is only allowed to generate a shorter id and reduce \fBid_len\fR; +the callback \fBmust never\fR increase \fBid_len\fR or write to the location +\&\fBid\fR exceeding the given limit. +.PP +If a SSLv2 session id is generated and \fBid_len\fR is reduced, it will be +restored after the callback has finished and the session id will be padded +with 0x00. It is not recommended to change the \fBid_len\fR for SSLv2 sessions. +The callback can use the SSL_get_version(3) function +to check, whether the session is of type SSLv2. +.PP +The location \fBid\fR is filled with 0x00 before the callback is called, so the +callback may only fill part of the possible length and leave \fBid_len\fR +untouched while maintaining reproducibility. +.PP +Since the sessions must be distinguished, session ids must be unique. +Without the callback a random number is used, so that the probability +of generating the same session id is extremely small (2^128 possible ids +for an SSLv2 session, 2^256 for SSLv3/TLSv1). In order to assure the +uniqueness of the generated session id, the callback must call +\&\fISSL_has_matching_session_id()\fR and generate another id if a conflict occurs. +If an id conflict is not resolved, the handshake will fail. +If the application codes e.g. a unique host id, a unique process number, and +a unique sequence number into the session id, uniqueness could easily be +achieved without randomness added (it should however be taken care that +no confidential information is leaked this way). If the application can not +guarantee uniqueness, it is recommended to use the maximum \fBid_len\fR and +fill in the bytes not used to code special information with random data +to avoid collisions. +.PP +\&\fISSL_has_matching_session_id()\fR will only query the internal session cache, +not the external one. Since the session id is generated before the +handshake is completed, it is not immediately added to the cache. If +another thread is using the same internal session cache, a race condition +can occur in that another thread generates the same session id. +Collisions can also occur when using an external session cache, since +the external cache is not tested with \fISSL_has_matching_session_id()\fR +and the same race condition applies. +.PP +When calling \fISSL_has_matching_session_id()\fR for an SSLv2 session with +reduced \fBid_len\fR, the match operation will be performed using the +fixed length required and with a 0x00 padded id. +.PP +The callback must return 0 if it cannot generate a session id for whatever +reason and return 1 on success. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The callback function listed will generate a session id with the +server id given, and will fill the rest with pseudo random bytes: +.PP +.Vb 1 +\& const char session_id_prefix = "www-18"; +.Ve +.Vb 6 +\& #define MAX_SESSION_ID_ATTEMPTS 10 +\& static int generate_session_id(const SSL *ssl, unsigned char *id, +\& unsigned int *id_len) +\& { +\& unsigned int count = 0; +\& const char *version; +.Ve +.Vb 3 +\& version = SSL_get_version(ssl); +\& if (!strcmp(version, "SSLv2")) +\& /* we must not change id_len */; +.Ve +.Vb 17 +\& do { +\& RAND_pseudo_bytes(id, *id_len); +\& /* Prefix the session_id with the required prefix. NB: If our +\& * prefix is too long, clip it - but there will be worse effects +\& * anyway, eg. the server could only possibly create 1 session +\& * ID (ie. the prefix!) so all future session negotiations will +\& * fail due to conflicts. */ +\& memcpy(id, session_id_prefix, +\& (strlen(session_id_prefix) < *id_len) ? +\& strlen(session_id_prefix) : *id_len); +\& } +\& while(SSL_has_matching_session_id(ssl, id, *id_len) && +\& (++count < MAX_SESSION_ID_ATTEMPTS)); +\& if(count >= MAX_SESSION_ID_ATTEMPTS) +\& return 0; +\& return 1; +\& } +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_generate_session_id()\fR and \fISSL_set_generate_session_id()\fR +always return 1. +.PP +\&\fISSL_has_matching_session_id()\fR returns 1 if another session with the +same id is already in the cache. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_version(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_generate_session_id()\fR, \fISSL_set_generate_session_id()\fR +and \fISSL_has_matching_session_id()\fR have been introduced in +OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 index e834e94..52c455f 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:25 2002 +.\" Mon Jan 13 19:34:46 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_info_callback 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 new file mode 100644 index 0000000..6d65001 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:47 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_max_cert_list 3" +.TH SSL_CTX_set_max_cert_list 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list, \- manipulate allowed for the peer's certificate chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size); +\& long SSL_CTX_get_max_cert_list(SSL_CTX *ctx); +.Ve +.Vb 2 +\& long SSL_set_max_cert_list(SSL *ssl, long size); +\& long SSL_get_max_cert_list(SSL *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for all \s-1SSL\s0 objects created from \fBctx\fR to be <size> bytes. +The \s-1SSL\s0 objects inherit the setting valid for \fBctx\fR at the time +SSL_new(3) is being called. +.PP +\&\fISSL_CTX_get_max_cert_list()\fR returns the currently set maximum size for \fBctx\fR. +.PP +\&\fISSL_set_max_cert_list()\fR sets the maximum size allowed for the peer's +certificate chain for \fBssl\fR to be <size> bytes. This setting stays valid +until a new value is set. +.PP +\&\fISSL_get_max_cert_list()\fR returns the currently set maximum size for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During the handshake process, the peer may send a certificate chain. +The \s-1TLS/SSL\s0 standard does not give any maximum size of the certificate chain. +The OpenSSL library handles incoming data by a dynamically allocated buffer. +In order to prevent this buffer from growing without bounds due to data +received from a faulty or malicious peer, a maximum size for the certificate +chain is set. +.PP +The default value for the maximum certificate chain size is 100kB (30kB +on the 16bit \s-1DOS\s0 platform). This should be sufficient for usual certificate +chains (OpenSSL's default maximum chain length is 10, see +SSL_CTX_set_verify(3), and certificates +without special extensions have a typical size of 1\-2kB). +.PP +For special applications it can be necessary to extend the maximum certificate +chain size allowed to be sent by the peer, see e.g. the work on +\&\*(L"Internet X.509 Public Key Infrastructure Proxy Certificate Profile\*(R" +and \*(L"\s-1TLS\s0 Delegation Protocol\*(R" at http://www.ietf.org/ and +http://www.globus.org/ . +.PP +Under normal conditions it should never be necessary to set a value smaller +than the default, as the buffer is handled dynamically and only uses the +memory actually required by the data sent by the peer. +.PP +If the maximum certificate chain size allowed is exceeded, the handshake will +fail with a \s-1SSL_R_EXCESSIVE_MESSAGE_SIZE\s0 error. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_max_cert_list()\fR and \fISSL_set_max_cert_list()\fR return the previously +set value. +.PP +\&\fISSL_CTX_get_max_cert_list()\fR and \fISSL_get_max_cert_list()\fR return the currently +set value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3), +SSL_CTX_set_verify(3) +.SH "HISTORY" +.IX Header "HISTORY" +SSL*_set/\fIget_max_cert_list()\fR have been introduced in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3 index 4ed6233..bf13cde 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:26 2002 +.\" Mon Jan 13 19:34:48 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_mode 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 new file mode 100644 index 0000000..666c346 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 @@ -0,0 +1,225 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Mon Jan 13 19:34:49 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_set_msg_callback 3" +.TH SSL_CTX_set_msg_callback 3 "0.9.7" "2003-01-13" "OpenSSL" +.UC +.SH "NAME" +SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_get_msg_callback_arg \- install callback for observing protocol messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +\& void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg); +.Ve +.Vb 2 +\& void SSL_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); +\& void SSL_set_msg_callback_arg(SSL_CTX *ctx, void *arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_msg_callback()\fR or \fISSL_set_msg_callback()\fR can be used to +define a message callback function \fIcb\fR for observing all \s-1SSL/TLS\s0 +protocol messages (such as handshake messages) that are received or +sent. \fISSL_CTX_set_msg_callback_arg()\fR and \fISSL_set_msg_callback_arg()\fR +can be used to set argument \fIarg\fR to the callback function, which is +available for arbitrary application use. +.PP +\&\fISSL_CTX_set_msg_callback()\fR and \fISSL_CTX_set_msg_callback_arg()\fR specify +default settings that will be copied to new \fB\s-1SSL\s0\fR objects by +SSL_new(3). \fISSL_set_msg_callback()\fR and +\&\fISSL_set_msg_callback_arg()\fR modify the actual settings of an \fB\s-1SSL\s0\fR +object. Using a \fB0\fR pointer for \fIcb\fR disables the message callback. +.PP +When \fIcb\fR is called by the \s-1SSL/TLS\s0 library for a protocol message, +the function arguments have the following meaning: +.Ip "\fIwrite_p\fR" 4 +.IX Item "write_p" +This flag is \fB0\fR when a protocol message has been received and \fB1\fR +when a protocol message has been sent. +.Ip "\fIversion\fR" 4 +.IX Item "version" +The protocol version according to which the protocol message is +interpreted by the library. Currently, this is one of +\&\fB\s-1SSL2_VERSION\s0\fR, \fB\s-1SSL3_VERSION\s0\fR and \fB\s-1TLS1_VERSION\s0\fR (for \s-1SSL\s0 2.0, \s-1SSL\s0 +3.0 and \s-1TLS\s0 1.0, respectively). +.Ip "\fIcontent_type\fR" 4 +.IX Item "content_type" +In the case of \s-1SSL\s0 2.0, this is always \fB0\fR. In the case of \s-1SSL\s0 3.0 +or \s-1TLS\s0 1.0, this is one of the \fBContentType\fR values defined in the +protocol specification (\fBchange_cipher_spec(20)\fR, \fBalert(21)\fR, +\&\fBhandshake(22)\fR; but never \fBapplication_data(23)\fR because the +callback will only be called for protocol messages). +.Ip "\fIbuf\fR, \fIlen\fR" 4 +.IX Item "buf, len" +\&\fIbuf\fR points to a buffer containing the protocol message, which +consists of \fIlen\fR bytes. The buffer is no longer valid after the +callback function has returned. +.Ip "\fIssl\fR" 4 +.IX Item "ssl" +The \fB\s-1SSL\s0\fR object that received or sent the message. +.Ip "\fIarg\fR" 4 +.IX Item "arg" +The user-defined argument optionally defined by +\&\fISSL_CTX_set_msg_callback_arg()\fR or \fISSL_set_msg_callback_arg()\fR. +.SH "NOTES" +.IX Header "NOTES" +Protocol messages are passed to the callback function after decryption +and fragment collection where applicable. (Thus record boundaries are +not visible.) +.PP +If processing a received protocol message results in an error, +the callback function may not be called. For example, the callback +function will never see messages that are considered too large to be +processed. +.PP +Due to automatic protocol version negotiation, \fIversion\fR is not +necessarily the protocol version used by the sender of the message: If +a \s-1TLS\s0 1.0 ClientHello message is received by an \s-1SSL\s0 3.0\-only server, +\&\fIversion\fR will be \fB\s-1SSL3_VERSION\s0\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_CTX_set_msg_callback()\fR, \fISSL_CTX_set_msg_callback_arg()\fR, +\&\fISSL_set_msg_callback()\fR and \fISSL_get_msg_callback_arg()\fR were added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3 index 77d9e08..bc31819 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_options.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:26 2002 +.\" Mon Jan 13 19:34:50 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_set_options 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options @@ -228,17 +228,6 @@ doing a re-connect, always takes the first cipher in the cipher list. .Ip "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 .IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" \&... -.Ip "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 -.IX Item "SSL_OP_TLS_ROLLBACK_BUG" -Disable version rollback attack detection. -.Sp -During the client key exchange, the client must send the same information -about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some -clients violate this rule by adapting to the server's answer. (Example: -the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server -only understands up to SSLv3. In this case the client must still use the -same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect -to the server's answer and violate the version rollback protection.) .Ip "\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0" 4 .IX Item "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS" Disables a countermeasure against a \s-1SSL\s0 3.0/TLS 1.0 protocol @@ -254,6 +243,17 @@ options if compatibility with somewhat broken implementations is desired. .PP The following \fBmodifying\fR options are available: +.Ip "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 +.IX Item "SSL_OP_TLS_ROLLBACK_BUG" +Disable version rollback attack detection. +.Sp +During the client key exchange, the client must send the same information +about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some +clients violate this rule by adapting to the server's answer. (Example: +the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server +only understands up to SSLv3. In this case the client must still use the +same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect +to the server's answer and violate the version rollback protection.) .Ip "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 .IX Item "SSL_OP_SINGLE_DH_USE" Always create a new key when using temporary/ephemeral \s-1DH\s0 parameters @@ -263,7 +263,7 @@ the \s-1DH\s0 parameters were not generated using \*(L"strong\*(R" primes (e.g. when using DSA-parameters, see dhparam(1)). If \*(L"strong\*(R" primes were used, it is not strictly necessary to generate a new \s-1DH\s0 key during each handshake but it is also recommended. -\&\s-1SSL_OP_SINGLE_DH_USE\s0 should therefore be enabled whenever +\&\fB\s-1SSL_OP_SINGLE_DH_USE\s0\fR should therefore be enabled whenever temporary/ephemeral \s-1DH\s0 parameters are used. .Ip "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 .IX Item "SSL_OP_EPHEMERAL_RSA" @@ -276,6 +276,13 @@ with restricted \s-1RSA\s0 keylength). By setting this option, ephemeral \&\s-1SSL/TLS\s0 specifications and may lead to interoperability problems with clients and should therefore never be used. Ciphers with \s-1EDH\s0 (ephemeral Diffie-Hellman) key exchange should be used instead. +.Ip "\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0" 4 +.IX Item "SSL_OP_CIPHER_SERVER_PREFERENCE" +When choosing a cipher, use the server's preferences instead of the client +preferences. When not set, the \s-1SSL\s0 server will always follow the clients +preferences. When set, the SSLv3/TLSv1 server will choose following its +own preferences. Because of the different protocol, for SSLv2 the server +will send his list of preferences to the client and the client chooses. .Ip "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 .IX Item "SSL_OP_PKCS1_CHECK_1" \&... @@ -299,6 +306,11 @@ Do not use the SSLv3 protocol. .Ip "SSL_OP_NO_TLSv1" 4 .IX Item "SSL_OP_NO_TLSv1" Do not use the TLSv1 protocol. +.Ip "\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0" 4 +.IX Item "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION" +When performing renegotiation as a server, always start a new session +(i.e., session resumption requests are only accepted in the initial +handshake). This option is not needed for clients. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR return the new options bitmask @@ -313,7 +325,13 @@ SSL_CTX_set_tmp_rsa_callback(3), dhparam(1) .SH "HISTORY" .IX Header "HISTORY" -\&\s-1SSL_OP_TLS_ROLLBACK_BUG\s0 has been added in OpenSSL 0.9.6. +\&\fB\s-1SSL_OP_CIPHER_SERVER_PREFERENCE\s0\fR and +\&\fB\s-1SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION\s0\fR have been added in +OpenSSL 0.9.7. +.PP +\&\fB\s-1SSL_OP_TLS_ROLLBACK_BUG\s0\fR has been added in OpenSSL 0.9.6 and was automatically +enabled with \fB\s-1SSL_OP_ALL\s0\fR. As of 0.9.7, it is no longer included in \fB\s-1SSL_OP_ALL\s0\fR +and must be explicitly set. .PP \&\fB\s-1SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS\s0\fR has been added in OpenSSL 0.9.6e. Versions up to OpenSSL 0.9.6c do not include the countermeasure that diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 index af9c079..27dc385 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:27 2002 +.\" Mon Jan 13 19:34:51 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_quiet_shutdown 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 index 3f5f5ae..76b9d59 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:28 2002 +.\" Mon Jan 13 19:34:52 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_session_cache_mode 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching @@ -165,12 +165,14 @@ The sessions can be held in memory for each \fBctx\fR, if more than one object. .PP In order to reuse a session, a client must send the session's id to the -server. It can only send exactly one id. The server then decides whether it -agrees in reusing the session or starts the handshake for a new session. +server. It can only send exactly one id. The server then either +agrees to reuse the session or it starts a full handshake (to create a new +session). .PP -A server will lookup up the session in its internal session storage. If -the session is not found in internal storage or internal storage is -deactivated, the server will try the external storage if available. +A server will lookup up the session in its internal session storage. If the +session is not found in internal storage or lookups for the internal storage +have been deactivated (\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0), the server will try +the external storage if available. .PP Since a client may try to reuse a session intended for use in a different context, the session id context must be set by the server (see @@ -191,9 +193,10 @@ function. This option is not activated by default. .Ip "\s-1SSL_SESS_CACHE_SERVER\s0" 4 .IX Item "SSL_SESS_CACHE_SERVER" Server sessions are added to the session cache. When a client proposes a -session to be reused, the session is looked up in the internal session cache. -If the session is found, the server will try to reuse the session. -This is the default. +session to be reused, the server looks for the corresponding session in (first) +the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set), +then (second) in the external cache if available. If the session is found, the +server will try to reuse the session. This is the default. .Ip "\s-1SSL_SESS_CACHE_BOTH\s0" 4 .IX Item "SSL_SESS_CACHE_BOTH" Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. @@ -208,11 +211,28 @@ SSL_CTX_flush_sessions(3) can be called explicitly by the application. .Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 .IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" -By setting this flag sessions are cached in the internal storage but -they are not looked up automatically. If an external session cache -is enabled, sessions are looked up in the external cache. As automatic -lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on +By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not +automatically look up sessions in the internal cache, even if sessions are +automatically stored there. If external session caching callbacks are in use, +this flag guarantees that all lookups are directed to the external cache. +As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on clients. +.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE" +Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0, +sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse. +Normally a new session is added to the internal cache as well as any external +session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will +prevent sessions being stored in the internal cache (though the application can +add them manually using SSL_CTX_add_session(3)). Note: +in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful +session lookups in the external cache (ie. for session-resume requests) would +normally be copied into the local cache before processing continues \- this flag +prevents these additions to the internal cache as well. +.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL" +Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and +\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time. .PP The default mode is \s-1SSL_SESS_CACHE_SERVER\s0. .SH "RETURN VALUES" @@ -224,9 +244,14 @@ The default mode is \s-1SSL_SESS_CACHE_SERVER\s0. .IX Header "SEE ALSO" ssl(3), SSL_set_session(3), SSL_session_reused(3), +SSL_CTX_add_session(3), SSL_CTX_sess_number(3), SSL_CTX_sess_set_cache_size(3), SSL_CTX_sess_set_get_cb(3), SSL_CTX_set_session_id_context(3), SSL_CTX_set_timeout(3), SSL_CTX_flush_sessions(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 and \s-1SSL_SESS_CACHE_NO_INTERNAL\s0 +were introduced in OpenSSL 0.9.6h. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 index 5f7c530..28eb5c5 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:28 2002 +.\" Mon Jan 13 19:34:53 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_CTX_set_session_id_context 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 index 13be704..58a7f3e 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:29 2002 +.\" Mon Jan 13 19:34:54 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_CTX_set_ssl_version 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 index 0d94664..1c0d406 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:29 2002 +.\" Mon Jan 13 19:34:55 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_timeout 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index 8f83135..fb0d6a6 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:30 2002 +.\" Mon Jan 13 19:34:55 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_tmp_dh_callback 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 index 350e621..7f66c07 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:31 2002 +.\" Mon Jan 13 19:34:56 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3 index cc4b22a..7d220f3 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:31 2002 +.\" Mon Jan 13 19:34:57 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_CTX_set_verify 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters @@ -370,7 +370,7 @@ SSL_get_ex_data_X509_STORE_CTX_idx(3)). \& * At this point, err contains the last verification error. We can use \& * it for something special \& */ -\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) +\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) \& { \& X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256); \& printf("issuer= %s\en", buf); diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 index 159cc73..09d4fee 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:32 2002 +.\" Mon Jan 13 19:34:59 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_CTX_use_certificate 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data diff --git a/secure/lib/libcrypto/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3 index a81b4bb..bf03d05 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_free.3 +++ b/secure/lib/libssl/man/SSL_SESSION_free.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:33 2002 +.\" Mon Jan 13 19:35:00 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_SESSION_free 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 index 22e7422..d603f51 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:33 2002 +.\" Mon Jan 13 19:35:01 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH SSL_SESSION_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3 index ebc0e38..b347df5 100644 --- a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:34 2002 +.\" Mon Jan 13 19:35:02 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_SESSION_get_time 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings diff --git a/secure/lib/libcrypto/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3 index ca2c4d8..3990be6 100644 --- a/secure/lib/libcrypto/man/SSL_accept.3 +++ b/secure/lib/libssl/man/SSL_accept.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:34 2002 +.\" Mon Jan 13 19:35:03 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_accept 3" -.TH SSL_accept 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_accept 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake diff --git a/secure/lib/libcrypto/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3 index 32a8b3b..87d9b37 100644 --- a/secure/lib/libcrypto/man/SSL_alert_type_string.3 +++ b/secure/lib/libssl/man/SSL_alert_type_string.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:35 2002 +.\" Mon Jan 13 19:35:03 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_alert_type_string 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information @@ -148,12 +148,12 @@ SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_al \& #include <openssl/ssl.h> .Ve .Vb 2 -\& char *SSL_alert_type_string(int value); -\& char *SSL_alert_type_string_long(int value); +\& const char *SSL_alert_type_string(int value); +\& const char *SSL_alert_type_string_long(int value); .Ve .Vb 2 -\& char *SSL_alert_desc_string(int value); -\& char *SSL_alert_desc_string_long(int value); +\& const char *SSL_alert_desc_string(int value); +\& const char *SSL_alert_desc_string_long(int value); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3 index 6f7bb61..657be53 100644 --- a/secure/lib/libcrypto/man/SSL_clear.3 +++ b/secure/lib/libssl/man/SSL_clear.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:36 2002 +.\" Mon Jan 13 19:35:05 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_clear 3" -.TH SSL_clear 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_clear 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_clear \- reset \s-1SSL\s0 object to allow another connection diff --git a/secure/lib/libcrypto/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3 index ad19131..12b3bb0 100644 --- a/secure/lib/libcrypto/man/SSL_connect.3 +++ b/secure/lib/libssl/man/SSL_connect.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:36 2002 +.\" Mon Jan 13 19:35:06 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_connect 3" -.TH SSL_connect 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_connect 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server diff --git a/secure/lib/libcrypto/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3 index 0214192..d9c5db9 100644 --- a/secure/lib/libcrypto/man/SSL_do_handshake.3 +++ b/secure/lib/libssl/man/SSL_do_handshake.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:37 2002 +.\" Mon Jan 13 19:35:06 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_do_handshake 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake diff --git a/secure/lib/libcrypto/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3 index c905cfd..65a6b8f 100644 --- a/secure/lib/libcrypto/man/SSL_free.3 +++ b/secure/lib/libssl/man/SSL_free.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:38 2002 +.\" Mon Jan 13 19:35:07 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_free 3" -.TH SSL_free 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_free 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_free \- free an allocated \s-1SSL\s0 structure diff --git a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 index 874ee382..b8f2a94 100644 --- a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:38 2002 +.\" Mon Jan 13 19:35:08 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_get_SSL_CTX 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created diff --git a/secure/lib/libcrypto/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3 index 3e8477b..54dccf3 100644 --- a/secure/lib/libcrypto/man/SSL_get_ciphers.3 +++ b/secure/lib/libssl/man/SSL_get_ciphers.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:39 2002 +.\" Mon Jan 13 19:35:09 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_get_ciphers 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs diff --git a/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3 index f0f8af0..9221575 100644 --- a/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:39 2002 +.\" Mon Jan 13 19:35:10 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_get_client_CA_list 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs diff --git a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3 index 4d5bca4..22e8bd3 100644 --- a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 +++ b/secure/lib/libssl/man/SSL_get_current_cipher.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:40 2002 +.\" Mon Jan 13 19:35:11 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_get_current_cipher 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name, diff --git a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3 index 38525e7..037b17e 100644 --- a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 +++ b/secure/lib/libssl/man/SSL_get_default_timeout.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:41 2002 +.\" Mon Jan 13 19:35:12 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_get_default_timeout 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_default_timeout \- get default session timeout value diff --git a/secure/lib/libcrypto/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3 index c5d74cc..745ae3a 100644 --- a/secure/lib/libcrypto/man/SSL_get_error.3 +++ b/secure/lib/libssl/man/SSL_get_error.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:41 2002 +.\" Mon Jan 13 19:35:13 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_get_error 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation diff --git a/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 index ef03a57..1810c9e 100644 --- a/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:42 2002 +.\" Mon Jan 13 19:35:14 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure diff --git a/secure/lib/libcrypto/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3 index 09afa61..da51320 100644 --- a/secure/lib/libcrypto/man/SSL_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:42 2002 +.\" Mon Jan 13 19:35:15 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL" +.TH SSL_get_ex_new_index 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions diff --git a/secure/lib/libcrypto/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3 index 4d077fe..75f9557 100644 --- a/secure/lib/libcrypto/man/SSL_get_fd.3 +++ b/secure/lib/libssl/man/SSL_get_fd.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:43 2002 +.\" Mon Jan 13 19:35:16 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_get_fd 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object diff --git a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 index 6185b12..ab3d7af 100644 --- a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:44 2002 +.\" Mon Jan 13 19:35:17 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_get_peer_cert_chain 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer diff --git a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3 index 49acf8b..471b5ba 100644 --- a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 +++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:44 2002 +.\" Mon Jan 13 19:35:18 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_get_peer_certificate 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_peer_certificate \- get the X509 certificate of the peer diff --git a/secure/lib/libcrypto/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3 index a8719af..cc3f416 100644 --- a/secure/lib/libcrypto/man/SSL_get_rbio.3 +++ b/secure/lib/libssl/man/SSL_get_rbio.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:45 2002 +.\" Mon Jan 13 19:35:18 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_get_rbio 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object diff --git a/secure/lib/libcrypto/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3 index bcfd33b..49b5342 100644 --- a/secure/lib/libcrypto/man/SSL_get_session.3 +++ b/secure/lib/libssl/man/SSL_get_session.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:45 2002 +.\" Mon Jan 13 19:35:19 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_get_session 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data diff --git a/secure/lib/libcrypto/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3 index 86762ca..8a3654d 100644 --- a/secure/lib/libcrypto/man/SSL_get_verify_result.3 +++ b/secure/lib/libssl/man/SSL_get_verify_result.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:46 2002 +.\" Mon Jan 13 19:35:20 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_get_verify_result 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_verify_result \- get result of peer certificate verification diff --git a/secure/lib/libcrypto/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3 index c80c552..8ea668a 100644 --- a/secure/lib/libcrypto/man/SSL_get_version.3 +++ b/secure/lib/libssl/man/SSL_get_version.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:47 2002 +.\" Mon Jan 13 19:35:21 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "0.9.6e" "2001-05-19" "OpenSSL" +.TH SSL_get_version 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_get_version \- get the protocol version of a connection. diff --git a/secure/lib/libcrypto/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3 index 437f1da..28422c6 100644 --- a/secure/lib/libcrypto/man/SSL_library_init.3 +++ b/secure/lib/libssl/man/SSL_library_init.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:47 2002 +.\" Mon Jan 13 19:35:22 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_library_init 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms diff --git a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3 index 8869853..aa545bc 100644 --- a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 +++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:48 2002 +.\" Mon Jan 13 19:35:23 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_load_client_CA_file 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_load_client_CA_file \- load certificate names from file diff --git a/secure/lib/libcrypto/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3 index 976e31e..588900c 100644 --- a/secure/lib/libcrypto/man/SSL_new.3 +++ b/secure/lib/libssl/man/SSL_new.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:48 2002 +.\" Mon Jan 13 19:35:24 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_new 3" -.TH SSL_new 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_new 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_new \- create a new \s-1SSL\s0 structure for a connection diff --git a/secure/lib/libcrypto/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3 index 41951d4..a5f0a0c 100644 --- a/secure/lib/libcrypto/man/SSL_pending.3 +++ b/secure/lib/libssl/man/SSL_pending.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:49 2002 +.\" Mon Jan 13 19:35:25 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_pending 3" -.TH SSL_pending 3 "0.9.6e" "2001-02-17" "OpenSSL" +.TH SSL_pending 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object diff --git a/secure/lib/libcrypto/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3 index 49a080e..f94ed5e 100644 --- a/secure/lib/libcrypto/man/SSL_read.3 +++ b/secure/lib/libssl/man/SSL_read.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:50 2002 +.\" Mon Jan 13 19:35:26 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_read 3" -.TH SSL_read 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_read 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection. diff --git a/secure/lib/libcrypto/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3 index e6a93bd..3eabd62 100644 --- a/secure/lib/libcrypto/man/SSL_rstate_string.3 +++ b/secure/lib/libssl/man/SSL_rstate_string.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:50 2002 +.\" Mon Jan 13 19:35:27 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_rstate_string 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation @@ -148,8 +148,8 @@ SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of \& #include <openssl/ssl.h> .Ve .Vb 2 -\& char *SSL_rstate_string(SSL *ssl); -\& char *SSL_rstate_string_long(SSL *ssl); +\& const char *SSL_rstate_string(SSL *ssl); +\& const char *SSL_rstate_string_long(SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3 index 302ccac..3511b36 100644 --- a/secure/lib/libcrypto/man/SSL_session_reused.3 +++ b/secure/lib/libssl/man/SSL_session_reused.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:51 2002 +.\" Mon Jan 13 19:35:28 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_session_reused 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_session_reused \- query whether a reused session was negotiated during handshake diff --git a/secure/lib/libcrypto/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3 index 80c46a4..6d59eae 100644 --- a/secure/lib/libcrypto/man/SSL_set_bio.3 +++ b/secure/lib/libssl/man/SSL_set_bio.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:51 2002 +.\" Mon Jan 13 19:35:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_set_bio 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0 diff --git a/secure/lib/libcrypto/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3 index 8be743a..0d0e063 100644 --- a/secure/lib/libcrypto/man/SSL_set_connect_state.3 +++ b/secure/lib/libssl/man/SSL_set_connect_state.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:52 2002 +.\" Mon Jan 13 19:35:30 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_set_connect_state 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode diff --git a/secure/lib/libcrypto/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3 index c2628f9..fce5274 100644 --- a/secure/lib/libcrypto/man/SSL_set_fd.3 +++ b/secure/lib/libssl/man/SSL_set_fd.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:53 2002 +.\" Mon Jan 13 19:35:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_set_fd 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor diff --git a/secure/lib/libcrypto/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3 index 7c688ec..d42f4d3 100644 --- a/secure/lib/libcrypto/man/SSL_set_session.3 +++ b/secure/lib/libssl/man/SSL_set_session.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:53 2002 +.\" Mon Jan 13 19:35:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_set_session 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect diff --git a/secure/lib/libcrypto/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3 index 3696d33..0b14492 100644 --- a/secure/lib/libcrypto/man/SSL_set_shutdown.3 +++ b/secure/lib/libssl/man/SSL_set_shutdown.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:54 2002 +.\" Mon Jan 13 19:35:32 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_set_shutdown 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection diff --git a/secure/lib/libcrypto/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3 index 5b317e9..f4b7e34 100644 --- a/secure/lib/libcrypto/man/SSL_set_verify_result.3 +++ b/secure/lib/libssl/man/SSL_set_verify_result.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:55 2002 +.\" Mon Jan 13 19:35:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "0.9.6e" "2000-11-12" "OpenSSL" +.TH SSL_set_verify_result 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_set_verify_result \- override result of peer certificate verification diff --git a/secure/lib/libcrypto/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3 index 7dbc29e..d83fe3c 100644 --- a/secure/lib/libcrypto/man/SSL_shutdown.3 +++ b/secure/lib/libssl/man/SSL_shutdown.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:55 2002 +.\" Mon Jan 13 19:35:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_shutdown 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection diff --git a/secure/lib/libcrypto/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3 index 115fffc..578ac6e 100644 --- a/secure/lib/libcrypto/man/SSL_state_string.3 +++ b/secure/lib/libssl/man/SSL_state_string.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:56 2002 +.\" Mon Jan 13 19:35:35 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_state_string 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object @@ -148,8 +148,8 @@ SSL_state_string, SSL_state_string_long \- get textual description of state of a \& #include <openssl/ssl.h> .Ve .Vb 2 -\& char *SSL_state_string(SSL *ssl); -\& char *SSL_state_string_long(SSL *ssl); +\& const char *SSL_state_string(SSL *ssl); +\& const char *SSL_state_string_long(SSL *ssl); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" diff --git a/secure/lib/libcrypto/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3 index 288e22a..a1cddcb 100644 --- a/secure/lib/libcrypto/man/SSL_want.3 +++ b/secure/lib/libssl/man/SSL_want.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:56 2002 +.\" Mon Jan 13 19:35:36 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_want 3" -.TH SSL_want 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH SSL_want 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation diff --git a/secure/lib/libcrypto/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3 index 487a9da..0670668 100644 --- a/secure/lib/libcrypto/man/SSL_write.3 +++ b/secure/lib/libssl/man/SSL_write.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:57 2002 +.\" Mon Jan 13 19:35:37 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "SSL_write 3" -.TH SSL_write 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH SSL_write 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection. diff --git a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3 index 64d9f8a..03c2239 100644 --- a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 +++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:58 2002 +.\" Mon Jan 13 19:35:38 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "0.9.6e" "2002-01-26" "OpenSSL" +.TH d2i_SSL_SESSION 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation diff --git a/secure/lib/libcrypto/man/ssl.3 b/secure/lib/libssl/man/ssl.3 index 1964f5e..cc05cd2 100644 --- a/secure/lib/libcrypto/man/ssl.3 +++ b/secure/lib/libssl/man/ssl.3 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:22:58 2002 +.\" Mon Jan 13 19:35:39 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "ssl 3" -.TH ssl 3 "0.9.6e" "2002-07-30" "OpenSSL" +.TH ssl 3 "0.9.7" "2003-01-13" "OpenSSL" .UC .SH "NAME" \&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library @@ -406,6 +406,10 @@ protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. .IX Item "int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);" .Ip "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4 .IX Item "void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));" +.Ip "void \fBSSL_CTX_set_msg_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IX Item "void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" +.Ip "void \fBSSL_CTX_set_msg_callback_arg\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);" .Ip "void \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 .IX Item "void SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);" .Ip "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 @@ -436,7 +440,7 @@ appropriate size (using ???) and return it. .IX Item "SSL_set_tmp_rsa_callback" long \fBSSL_set_tmp_rsa_callback\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *(*cb)(\s-1SSL\s0 *ssl, int export, int keylength)); .Sp -The same as the section on "SSL_CTX_set_tmp_rsa_callback", except it operates on an \s-1SSL\s0 +The same as \fBSSL_CTX_set_tmp_rsa_callback\fR, except it operates on an \s-1SSL\s0 session instead of a context. .Ip "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4 .IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))" @@ -659,6 +663,10 @@ connection defined in the \fB\s-1SSL\s0\fR structure. .IX Item "int SSL_set_fd(SSL *ssl, int fd);" .Ip "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4 .IX Item "void SSL_set_info_callback(SSL *ssl, void (*cb);(void))" +.Ip "void \fBSSL_set_msg_callback\fR(\s-1SSL\s0 *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, \s-1SSL\s0 *ssl, void *arg));" 4 +.IX Item "void SSL_set_msg_callback(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));" +.Ip "void \fBSSL_set_msg_callback_arg\fR(\s-1SSL\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_set_msg_callback_arg(SSL *ctx, void *arg);" .Ip "void \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 .IX Item "void SSL_set_options(SSL *ssl, unsigned long op);" .Ip "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 @@ -751,8 +759,11 @@ SSL_CTX_set_cipher_list(3), SSL_CTX_set_client_CA_list(3), SSL_CTX_set_client_cert_cb(3), SSL_CTX_set_default_passwd_cb(3), +SSL_CTX_set_generate_session_id(3), SSL_CTX_set_info_callback(3), +SSL_CTX_set_max_cert_list(3), SSL_CTX_set_mode(3), +SSL_CTX_set_msg_callback(3), SSL_CTX_set_options(3), SSL_CTX_set_quiet_shutdown(3), SSL_CTX_set_session_cache_mode(3), diff --git a/secure/usr.bin/openssl/Makefile b/secure/usr.bin/openssl/Makefile index be75e6a..9109390 100644 --- a/secure/usr.bin/openssl/Makefile +++ b/secure/usr.bin/openssl/Makefile @@ -1,28 +1,40 @@ # $FreeBSD$ -OPENSSL_SRC= ${.CURDIR}/../../../crypto/openssl/apps -LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl/crypto - -.PATH: ${OPENSSL_SRC} ${.CURDIR}/../../lib/libcrypto/man - -PROG= openssl +PROG= xopenssl +PROGNAME= openssl DPADD= ${LIBSSL} ${LIBCRYPTO} LDADD= -lssl -lcrypto -MLINKS= openssl.1 ssl.8 + +NOLINT= true + +.include "../../lib/libcrypto/Makefile.inc" CFLAGS+= -DMONOLITH -I${.CURDIR} -WITH_RSA?= YES -.if ${WITH_RSA} == NO -CFLAGS+= -DNO_RSA -DNO_SSL2 -.endif +SRCS+= app_rand.c apps.c asn1pars.c ca.c ciphers.c crl.c crl2p7.c \ + dgst.c dh.c dhparam.c dsa.c dsaparam.c enc.c engine.c errstr.c \ + gendh.c gendsa.c genrsa.c nseq.c ocsp.c openssl.c passwd.c \ + pkcs12.c pkcs7.c pkcs8.c rand.c req.c rsa.c rsautl.c s_cb.c \ + s_client.c s_server.c s_socket.c s_time.c sess_id.c smime.c \ + speed.c spkac.c verify.c version.c x509.c -SRCS= app_rand.c apps.c asn1pars.c ca.c ciphers.c crl.c crl2p7.c \ - dgst.c dh.c dhparam.c dsa.c dsaparam.c enc.c errstr.c gendh.c \ - gendsa.c genrsa.c nseq.c openssl.c passwd.c pkcs12.c pkcs7.c \ - pkcs8.c rand.c req.c rsa.c rsautl.c s_cb.c s_client.c \ - s_server.c s_socket.c s_time.c sess_id.c smime.c speed.c \ - spkac.c verify.c version.c x509.o +MAN1= CA.pl.1 asn1parse.1 ca.1 ciphers.1 config.1 crl.1 crl2pkcs7.1 \ + dgst.1 dhparam.1 dsa.1 dsaparam.1 enc.1 gendsa.1 genrsa.1 \ + nseq.1 ocsp.1 openssl.1 passwd.1 pkcs12.1 pkcs7.1 pkcs8.1 \ + rand.1 req.1 rsa.1 rsautl.1 s_client.1 s_server.1 sess_id.1 \ + smime.1 speed.1 spkac.1 verify.1 version.1 x509.1 .include <bsd.prog.mk> + +.PATH: ${LCRYPTO_SRC}/apps \ + ${.CURDIR}/man + +mann-update: + for i in `( cd ${LCRYPTO_DOC}/apps ; ls *.pod )` ; do \ + cp ${LCRYPTO_DOC}/apps/$$i . ;\ + pod2man --section=3 --release="0.9.7" --center="OpenSSL" \ + $$i > ${.CURDIR}/man/$${i%%.pod}.1 ;\ + rm $$i ;\ + echo $${i%%.pod} ;\ + done diff --git a/secure/lib/libcrypto/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index ac3f29c..a20c295 100644 --- a/secure/lib/libcrypto/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:38 2002 +.\" Sun Jan 12 18:04:57 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "CA.PL 1" -.TH CA.PL 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "CA.pl 3" +.TH CA.pl 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" \&\s-1CA\s0.pl \- friendlier interface for OpenSSL certificate programs @@ -150,6 +150,7 @@ [\fB\-help\fR] [\fB\-newcert\fR] [\fB\-newreq\fR] +[\fB\-newreq-nodes\fR] [\fB\-newca\fR] [\fB\-xsign\fR] [\fB\-sign\fR] @@ -176,6 +177,9 @@ written to the file \*(L"newreq.pem\*(R". .IX Item "-newreq" creates a new certificate request. The private key and request are written to the file \*(L"newreq.pem\*(R". +.Ip "\fB\-newreq-nowdes\fR" 4 +.IX Item "-newreq-nowdes" +is like \fB\-newreq\fR except that the private key will not be encrypted. .Ip "\fB\-newca\fR" 4 .IX Item "-newca" creates a new \s-1CA\s0 hierarchy for use with the \fBca\fR program (or the \fB\-signcert\fR diff --git a/secure/lib/libcrypto/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1 index 6401c61..76eadb2 100644 --- a/secure/lib/libcrypto/man/asn1parse.1 +++ b/secure/usr.bin/openssl/man/asn1parse.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:39 2002 +.\" Sun Jan 12 18:04:58 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "0.9.6e" "2000-04-13" "OpenSSL" +.IX Title "asn1parse 3" +.TH asn1parse 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" asn1parse \- \s-1ASN\s0.1 parsing tool diff --git a/secure/lib/libcrypto/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index 86f7b2c..bccbbc4 100644 --- a/secure/lib/libcrypto/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:40 2002 +.\" Sun Jan 12 18:04:59 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "CA 1" -.TH CA 1 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "ca 3" +.TH ca 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" ca \- sample minimal \s-1CA\s0 application @@ -150,6 +150,11 @@ ca \- sample minimal \s-1CA\s0 application [\fB\-name section\fR] [\fB\-gencrl\fR] [\fB\-revoke file\fR] +[\fB\-crl_reason reason\fR] +[\fB\-crl_hold instruction\fR] +[\fB\-crl_compromise time\fR] +[\fB\-crl_CA_compromise time\fR] +[\fB\-subj arg\fR] [\fB\-crldays days\fR] [\fB\-crlhours hours\fR] [\fB\-crlexts section\fR] @@ -170,9 +175,11 @@ ca \- sample minimal \s-1CA\s0 application [\fB\-spkac file\fR] [\fB\-ss_cert file\fR] [\fB\-preserveDN\fR] +[\fB\-noemailDN\fR] [\fB\-batch\fR] [\fB\-msie_hack\fR] [\fB\-extensions section\fR] +[\fB\-extfile section\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBca\fR command is a minimal \s-1CA\s0 application. It can be used @@ -200,7 +207,7 @@ a single self signed certificate to be signed by the \s-1CA\s0. .Ip "\fB\-spkac filename\fR" 4 .IX Item "-spkac filename" a file containing a single Netscape signed public key and challenge -and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1NOTES\s0\fR +and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1SPKAC\s0 \s-1FORMAT\s0\fR section for information on the required format. .Ip "\fB\-infiles\fR" 4 .IX Item "-infiles" @@ -231,8 +238,8 @@ the 'ps' utility) this option should be used with caution. .IX Item "-passin arg" the key password source. For more information about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -=item \fB\-verbose\fR -.Sp +.Ip "\fB\-verbose\fR" 4 +.IX Item "-verbose" this prints extra details about the operations being performed. .Ip "\fB\-notext\fR" 4 .IX Item "-notext" @@ -272,6 +279,14 @@ fields in the relevant policy section. When this option is set the order is the same as the request. This is largely for compatibility with the older \s-1IE\s0 enrollment control which would only accept certificates if their DNs match the order of the request. This is not needed for Xenroll. +.Ip "\fB\-noemailDN\fR" 4 +.IX Item "-noemailDN" +The \s-1DN\s0 of a certificate can contain the \s-1EMAIL\s0 field if present in the +request \s-1DN\s0, however it is good policy just having the e-mail set into +the altName extension of the certificate. When this option is set the +\&\s-1EMAIL\s0 field is removed from the certificate' subject and set only in +the, eventually present, extensions. The \fBemail_in_dn\fR keyword can be +used in the configuration file to enable this behaviour. .Ip "\fB\-batch\fR" 4 .IX Item "-batch" this sets the batch mode. In this mode no questions will be asked @@ -279,9 +294,15 @@ and all certificates will be certified automatically. .Ip "\fB\-extensions section\fR" 4 .IX Item "-extensions section" the section of the configuration file containing certificate extensions -to be added when a certificate is issued. If no extension section is -present then a V1 certificate is created. If the extension section -is present (even if it is empty) then a V3 certificate is created. +to be added when a certificate is issued (defaults to \fBx509_extensions\fR +unless the \fB\-extfile\fR option is used). If no extension section is +present then, a V1 certificate is created. If the extension section +is present (even if it is empty), then a V3 certificate is created. +.Ip "\fB\-extfile file\fR" 4 +.IX Item "-extfile file" +an additional configuration file to read certificate extensions from +(using the default section unless the \fB\-extensions\fR option is also +used). .SH "CRL OPTIONS" .IX Header "CRL OPTIONS" .Ip "\fB\-gencrl\fR" 4 @@ -297,6 +318,34 @@ the number of hours before the next \s-1CRL\s0 is due. .Ip "\fB\-revoke filename\fR" 4 .IX Item "-revoke filename" a filename containing a certificate to revoke. +.Ip "\fB\-crl_reason reason\fR" 4 +.IX Item "-crl_reason reason" +revocation reason, where \fBreason\fR is one of: \fBunspecified\fR, \fBkeyCompromise\fR, +\&\fBCACompromise\fR, \fBaffiliationChanged\fR, \fBsuperseded\fR, \fBcessationOfOperation\fR, +\&\fBcertificateHold\fR or \fBremoveFromCRL\fR. The matching of \fBreason\fR is case +insensitive. Setting any revocation reason will make the \s-1CRL\s0 v2. +.Sp +In practive \fBremoveFromCRL\fR is not particularly useful because it is only used +in delta CRLs which are not currently implemented. +.Ip "\fB\-crl_hold instruction\fR" 4 +.IX Item "-crl_hold instruction" +This sets the \s-1CRL\s0 revocation reason code to \fBcertificateHold\fR and the hold +instruction to \fBinstruction\fR which must be an \s-1OID\s0. Although any \s-1OID\s0 can be +used only \fBholdInstructionNone\fR (the use of which is discouraged by \s-1RFC2459\s0) +\&\fBholdInstructionCallIssuer\fR or \fBholdInstructionReject\fR will normally be used. +.Ip "\fB\-crl_compromise time\fR" 4 +.IX Item "-crl_compromise time" +This sets the revocation reason to \fBkeyCompromise\fR and the compromise time to +\&\fBtime\fR. \fBtime\fR should be in GeneralizedTime format that is \fB\s-1YYYYMMDDHHMMSSZ\s0\fR. +.Ip "\fB\-crl_CA_compromise time\fR" 4 +.IX Item "-crl_CA_compromise time" +This is the same as \fBcrl_compromise\fR except the revocation reason is set to +\&\fBCACompromise\fR. +.Ip "\fB\-subj arg\fR" 4 +.IX Item "-subj arg" +supersedes subject name given in the request. +The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR, +characters may be escaped by \e (backslash), no spaces are skipped. .Ip "\fB\-crlexts section\fR" 4 .IX Item "-crlexts section" the section of the configuration file containing \s-1CRL\s0 extensions to @@ -392,6 +441,11 @@ the same as \fB\-crlexts\fR. .Ip "\fBpreserve\fR" 4 .IX Item "preserve" the same as \fB\-preserveDN\fR +.Ip "\fBemail_in_dn\fR" 4 +.IX Item "email_in_dn" +the same as \fB\-noemailDN\fR. If you want the \s-1EMAIL\s0 field to be removed +from the \s-1DN\s0 of the certificate simply set this to 'no'. If not present +the default is to allow for the \s-1EMAIL\s0 filed in the certificate's \s-1DN\s0. .Ip "\fBmsie_hack\fR" 4 .IX Item "msie_hack" the same as \fB\-msie_hack\fR @@ -399,6 +453,35 @@ the same as \fB\-msie_hack\fR .IX Item "policy" the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section for more information. +.Ip "\fBnameopt\fR, \fBcertopt\fR" 4 +.IX Item "nameopt, certopt" +these options allow the format used to display the certificate details +when asking the user to confirm signing. All the options supported by +the \fBx509\fR utilities \fB\-nameopt\fR and \fB\-certopt\fR switches can be used +here, except the \fBno_signame\fR and \fBno_sigdump\fR are permanently set +and cannot be disabled (this is because the certificate signature cannot +be displayed because the certificate has not been signed at this point). +.Sp +For convenience the values \fBdefault_ca\fR are accepted by both to produce +a reasonable output. +.Sp +If neither option is present the format used in earlier versions of +OpenSSL is used. Use of the old format is \fBstrongly\fR discouraged because +it only displays fields mentioned in the \fBpolicy\fR section, mishandles +multicharacter string types and does not display extensions. +.Ip "\fBcopy_extensions\fR" 4 +.IX Item "copy_extensions" +determines how extensions in certificate requests should be handled. +If set to \fBnone\fR or this option is not present then extensions are +ignored and not copied to the certificate. If set to \fBcopy\fR then any +extensions present in the request that are not already present are copied +to the certificate. If set to \fBcopyall\fR then all extensions in the +request are copied to the certificate: if the extension is already present +in the certificate it is deleted first. See the \fB\s-1WARNINGS\s0\fR section before +using this option. +.Sp +The main use of this option is to allow a certificate request to supply +values for certain extensions such as subjectAltName. .SH "POLICY FORMAT" .IX Header "POLICY FORMAT" The policy section consists of a set of variables corresponding to @@ -493,8 +576,14 @@ A sample configuration file with the relevant sections for \fBca\fR: \& default_crl_days= 30 # how long before next CRL \& default_md = md5 # md to use .Ve -.Vb 1 +.Vb 2 \& policy = policy_any # default policy +\& email_in_dn = no # Don't add the email into cert DN +.Ve +.Vb 3 +\& nameopt = default_ca # Subject name display option +\& certopt = default_ca # Certificate display option +\& copy_extensions = none # Don't copy extensions from request .Ve .Vb 7 \& [ policy_any ] @@ -505,17 +594,6 @@ A sample configuration file with the relevant sections for \fBca\fR: \& commonName = supplied \& emailAddress = optional .Ve -.SH "WARNINGS" -.IX Header "WARNINGS" -The \fBca\fR command is quirky and at times downright unfriendly. -.PP -The \fBca\fR utility was originally meant as an example of how to do things -in a \s-1CA\s0. It was not supposed be be used as a full blown \s-1CA\s0 itself: -nevertheless some people are using it for this purpose. -.PP -The \fBca\fR command is effectively a single user command: no locking is -done on the various files and attempts to run more than one \fBca\fR command -on the same database can have unpredictable results. .SH "FILES" .IX Header "FILES" Note: the location of all files can change either by compile time options, @@ -545,9 +623,6 @@ if corrupted it can be difficult to fix. It is theoretically possible to rebuild the index file from all the issued certificates and a current \&\s-1CRL:\s0 however there is no option to do this. .PP -\&\s-1CRL\s0 entry extensions cannot currently be created: only \s-1CRL\s0 extensions -can be added. -.PP V2 \s-1CRL\s0 features like delta \s-1CRL\s0 support and \s-1CRL\s0 numbers are not currently supported. .PP @@ -559,10 +634,6 @@ The use of an in memory text database can cause problems when large numbers of certificates are present because, as the name implies the database has to be kept in memory. .PP -Certificate request extensions are ignored: some kind of \*(L"policy\*(R" should -be included to use certain static extensions and certain extensions -from the request. -.PP It is not possible to certify two certificates with the same \s-1DN:\s0 this is a side effect of how the text database is indexed and it cannot easily be fixed without introducing other problems. Some S/MIME clients can use @@ -575,12 +646,48 @@ exposed at either a command or interface level so a more friendly utility \&\fB\s-1CA\s0.pl\fR help a little but not very much. .PP Any fields in a request that are not present in a policy are silently -deleted. This does not happen if the \fB\-preserveDN\fR option is used but -the extra fields are not displayed when the user is asked to certify -a request. The behaviour should be more friendly and configurable. +deleted. This does not happen if the \fB\-preserveDN\fR option is used. To +enforce the absence of the \s-1EMAIL\s0 field within the \s-1DN\s0, as suggested by +RFCs, regardless the contents of the request' subject the \fB\-noemailDN\fR +option can be used. The behaviour should be more friendly and +configurable. .PP Cancelling some commands by refusing to certify a certificate can create an empty file. +.SH "WARNINGS" +.IX Header "WARNINGS" +The \fBca\fR command is quirky and at times downright unfriendly. +.PP +The \fBca\fR utility was originally meant as an example of how to do things +in a \s-1CA\s0. It was not supposed to be used as a full blown \s-1CA\s0 itself: +nevertheless some people are using it for this purpose. +.PP +The \fBca\fR command is effectively a single user command: no locking is +done on the various files and attempts to run more than one \fBca\fR command +on the same database can have unpredictable results. +.PP +The \fBcopy_extensions\fR option should be used with caution. If care is +not taken then it can be a security risk. For example if a certificate +request contains a basicConstraints extension with \s-1CA:TRUE\s0 and the +\&\fBcopy_extensions\fR value is set to \fBcopyall\fR and the user does not spot +this when the certificate is displayed then this will hand the requestor +a valid \s-1CA\s0 certificate. +.PP +This situation can be avoided by setting \fBcopy_extensions\fR to \fBcopy\fR +and including basicConstraints with \s-1CA:FALSE\s0 in the configuration file. +Then if the request contains a basicConstraints extension it will be +ignored. +.PP +It is advisable to also include values for other extensions such +as \fBkeyUsage\fR to prevent a request supplying its own values. +.PP +Additional restrictions can be placed on the \s-1CA\s0 certificate itself. +For example if the \s-1CA\s0 certificate has: +.PP +.Vb 1 +\& basicConstraints = CA:TRUE, pathlen:0 +.Ve +then even if a certificate is issued with \s-1CA:TRUE\s0 it will not be valid. .SH "SEE ALSO" .IX Header "SEE ALSO" req(1), spkac(1), x509(1), CA.pl(1), diff --git a/secure/lib/libcrypto/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1 index 620a081..1083d22 100644 --- a/secure/lib/libcrypto/man/ciphers.1 +++ b/secure/usr.bin/openssl/man/ciphers.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:40 2002 +.\" Sun Jan 12 18:05:01 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "CIPHERS 1" -.TH CIPHERS 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "ciphers 3" +.TH ciphers 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" ciphers \- \s-1SSL\s0 cipher display and cipher list tool. @@ -229,9 +229,17 @@ The following is a list of all permitted cipher strings and their meanings. the default cipher list. This is determined at compile time and is normally \&\fB\s-1ALL:\s0!ADH:RC4+RSA:+SSLv2:@STRENGTH\fR. This must be the first cipher string specified. +.Ip "\fB\s-1COMPLEMENTOFDEFAULT\s0\fR" 4 +.IX Item "COMPLEMENTOFDEFAULT" +the ciphers included in \fB\s-1ALL\s0\fR, but not enabled by default. Currently +this is \fB\s-1ADH\s0\fR. Note that this rule does not cover \fBeNULL\fR, which is +not included by \fB\s-1ALL\s0\fR (use \fB\s-1COMPLEMENTOFALL\s0\fR if necessary). .Ip "\fB\s-1ALL\s0\fR" 4 .IX Item "ALL" all ciphers suites except the \fBeNULL\fR ciphers which must be explicitly enabled. +.Ip "\fB\s-1COMPLEMENTOFALL\s0\fR" 4 +.IX Item "COMPLEMENTOFALL" +the cipher suites not enabled by \fB\s-1ALL\s0\fR, currently being \fBeNULL\fR. .Ip "\fB\s-1HIGH\s0\fR" 4 .IX Item "HIGH" \&\*(L"high\*(R" encryption cipher suites. This currently means those with key lengths larger @@ -295,6 +303,9 @@ cipher suites using \s-1DH\s0, including anonymous \s-1DH\s0. .Ip "\fB\s-1ADH\s0\fR" 4 .IX Item "ADH" anonymous \s-1DH\s0 cipher suites. +.Ip "\fB\s-1AES\s0\fR" 4 +.IX Item "AES" +cipher suites using \s-1AES\s0. .Ip "\fB3DES\fR" 4 .IX Item "3DES" cipher suites using triple \s-1DES\s0. @@ -319,7 +330,9 @@ cipher suites using \s-1SHA1\s0. .SH "CIPHER SUITE NAMES" .IX Header "CIPHER SUITE NAMES" The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the -relevant specification and their OpenSSL equivalents. +relevant specification and their OpenSSL equivalents. It should be noted, +that several cipher suite names do not include the authentication used, +e.g. \s-1DES-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used. .Sh "\s-1SSL\s0 v3.0 cipher suites." .IX Subsection "SSL v3.0 cipher suites." .Vb 10 @@ -395,6 +408,28 @@ relevant specification and their OpenSSL equivalents. \& TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA \& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA .Ve +.Sh "\s-1AES\s0 ciphersuites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0" +.IX Subsection "AES ciphersuites from RFC3268, extending TLS v1.0" +.Vb 2 +\& TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA +\& TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA +.Ve +.Vb 4 +\& TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA +\& TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA +\& TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA +\& TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA +.Ve +.Vb 4 +\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA +\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA +\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA +\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA +.Ve +.Vb 2 +\& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA +\& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA +.Ve .Sh "Additional Export 1024 and other cipher suites" .IX Subsection "Additional Export 1024 and other cipher suites" Note: these ciphers can also be used in \s-1SSL\s0 v3. @@ -442,6 +477,21 @@ Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last: .Vb 1 \& openssl ciphers -v '3DES:+RSA' .Ve +Include all \s-1RC4\s0 ciphers but leave out those without authentication: +.PP +.Vb 1 +\& openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT' +.Ve +Include all chiphers with \s-1RSA\s0 authentication but leave out ciphers without +encryption. +.PP +.Vb 1 +\& openssl ciphers -v 'RSA:!COMPLEMENTOFALL' +.Ve .SH "SEE ALSO" .IX Header "SEE ALSO" s_client(1), s_server(1), ssl(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\s-1COMPLENTOFALL\s0\fR and \fB\s-1COMPLEMENTOFDEFAULT\s0\fR selection options were +added in version 0.9.7. diff --git a/secure/lib/libcrypto/man/config.5 b/secure/usr.bin/openssl/man/config.1 index fbe41e1..b6d8584 100644 --- a/secure/lib/libcrypto/man/config.5 +++ b/secure/usr.bin/openssl/man/config.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:41 2002 +.\" Sun Jan 12 18:05:02 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "config 5" -.TH config 5 "0.9.6e" "2000-04-13" "OpenSSL" +.IX Title "config 3" +.TH config 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" config \- OpenSSL \s-1CONF\s0 library configuration files diff --git a/secure/lib/libcrypto/man/crl.1 b/secure/usr.bin/openssl/man/crl.1 index 8c71fec..c3103ff 100644 --- a/secure/lib/libcrypto/man/crl.1 +++ b/secure/usr.bin/openssl/man/crl.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:42 2002 +.\" Sun Jan 12 18:05:03 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "CRL 1" -.TH CRL 1 "0.9.6e" "2000-04-13" "OpenSSL" +.IX Title "crl 3" +.TH crl 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" crl \- \s-1CRL\s0 utility diff --git a/secure/lib/libcrypto/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1 index 0cb8dd9..3f879f4 100644 --- a/secure/lib/libcrypto/man/crl2pkcs7.1 +++ b/secure/usr.bin/openssl/man/crl2pkcs7.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:42 2002 +.\" Sun Jan 12 18:05:04 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "0.9.6e" "2002-07-30" "OpenSSL" +.IX Title "crl2pkcs7 3" +.TH crl2pkcs7 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" crl2pkcs7 \- Create a PKCS#7 structure from a \s-1CRL\s0 and certificates. diff --git a/secure/lib/libcrypto/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1 index b848f58..c9a9096 100644 --- a/secure/lib/libcrypto/man/dgst.1 +++ b/secure/usr.bin/openssl/man/dgst.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:43 2002 +.\" Sun Jan 12 18:05:05 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "DGST 1" -.TH DGST 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "dgst 3" +.TH dgst 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests diff --git a/secure/lib/libcrypto/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1 index 98a449f..755b3a2 100644 --- a/secure/lib/libcrypto/man/dhparam.1 +++ b/secure/usr.bin/openssl/man/dhparam.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:44 2002 +.\" Sun Jan 12 18:05:06 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "DHPARAM 1" -.TH DHPARAM 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "dhparam 3" +.TH dhparam 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" dhparam \- \s-1DH\s0 parameter manipulation and generation diff --git a/secure/lib/libcrypto/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1 index dcc68e9..8abfe40 100644 --- a/secure/lib/libcrypto/man/dsa.1 +++ b/secure/usr.bin/openssl/man/dsa.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:44 2002 +.\" Sun Jan 12 18:05:07 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "DSA 1" -.TH DSA 1 "0.9.6e" "2000-04-13" "OpenSSL" +.IX Title "dsa 3" +.TH dsa 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" dsa \- \s-1DSA\s0 key processing diff --git a/secure/lib/libcrypto/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1 index f400104..ae4b089 100644 --- a/secure/lib/libcrypto/man/dsaparam.1 +++ b/secure/usr.bin/openssl/man/dsaparam.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:45 2002 +.\" Sun Jan 12 18:05:08 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "dsaparam 3" +.TH dsaparam 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" dsaparam \- \s-1DSA\s0 parameter manipulation and generation diff --git a/secure/lib/libcrypto/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index ee1597d..dc372f2 100644 --- a/secure/lib/libcrypto/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:46 2002 +.\" Sun Jan 12 18:05:09 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "ENC 1" -.TH ENC 1 "0.9.6e" "2001-07-19" "OpenSSL" +.IX Title "enc 3" +.TH enc 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" enc \- symmetric cipher routines @@ -159,6 +159,7 @@ enc \- symmetric cipher routines [\fB\-p\fR] [\fB\-P\fR] [\fB\-bufsize number\fR] +[\fB\-nopad\fR] [\fB\-debug\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -239,6 +240,9 @@ or decryption. .Ip "\fB\-bufsize number\fR" 4 .IX Item "-bufsize number" set the buffer size for I/O +.Ip "\fB\-nopad\fR" 4 +.IX Item "-nopad" +disable standard block padding .Ip "\fB\-debug\fR" 4 .IX Item "-debug" debug the BIOs used for I/O. @@ -264,11 +268,14 @@ Some of the ciphers do not have large keys and others have security implications if not used correctly. A beginner is advised to just use a strong block cipher in \s-1CBC\s0 mode such as bf or des3. .PP -All the block ciphers use PKCS#5 padding also known as standard block +All the block ciphers normally use PKCS#5 padding also known as standard block padding: this allows a rudimentary integrity or password check to be performed. However since the chance of random data passing the test is better than 1 in 256 it isn't a very good test. .PP +If padding is disabled then the input data must be a multiple of the cipher +block length. +.PP All \s-1RC2\s0 ciphers have the same key and effective key length. .PP Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. @@ -387,6 +394,6 @@ The \fB\-A\fR option when used with large files doesn't work properly. .PP There should be an option to allow an iteration count to be included. .PP -Like the \s-1EVP\s0 library the \fBenc\fR program only supports a fixed number of -algorithms with certain parameters. So if, for example, you want to use \s-1RC2\s0 -with a 76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program. +The \fBenc\fR program only supports a fixed number of algorithms with +certain parameters. So if, for example, you want to use \s-1RC2\s0 with a +76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program. diff --git a/secure/lib/libcrypto/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1 index 19ec49b..6ec8233 100644 --- a/secure/lib/libcrypto/man/gendsa.1 +++ b/secure/usr.bin/openssl/man/gendsa.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:46 2002 +.\" Sun Jan 12 18:05:10 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "GENDSA 1" -.TH GENDSA 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "gendsa 3" +.TH gendsa 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" gendsa \- generate a \s-1DSA\s0 private key from a set of parameters diff --git a/secure/lib/libcrypto/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index aaea762..dfe2627 100644 --- a/secure/lib/libcrypto/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:47 2002 +.\" Sun Jan 12 18:05:11 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "GENRSA 1" -.TH GENRSA 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "genrsa 3" +.TH genrsa 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" genrsa \- generate an \s-1RSA\s0 private key diff --git a/secure/lib/libcrypto/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1 index 469dc98..a47412b 100644 --- a/secure/lib/libcrypto/man/nseq.1 +++ b/secure/usr.bin/openssl/man/nseq.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:47 2002 +.\" Sun Jan 12 18:05:12 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "NSEQ 1" -.TH NSEQ 1 "0.9.6e" "2000-04-13" "OpenSSL" +.IX Title "nseq 3" +.TH nseq 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" nseq \- create or examine a netscape certificate sequence diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 new file mode 100644 index 0000000..c312ec6 --- /dev/null +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -0,0 +1,451 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Sun Jan 12 18:05:13 2003 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ocsp 3" +.TH ocsp 3 "0.9.7" "2003-01-12" "OpenSSL" +.UC +.SH "NAME" +ocsp \- Online Certificate Status Protocol utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBocsp\fR +[\fB\-out file\fR] +[\fB\-issuer file\fR] +[\fB\-cert file\fR] +[\fB\-serial n\fR] +[\fB\-req_text\fR] +[\fB\-resp_text\fR] +[\fB\-text\fR] +[\fB\-reqout file\fR] +[\fB\-respout file\fR] +[\fB\-reqin file\fR] +[\fB\-respin file\fR] +[\fB\-nonce\fR] +[\fB\-no_nonce\fR] +[\fB\-url responder_url\fR] +[\fB\-host host:n\fR] +[\fB\-path\fR] +[\fB\-CApath file\fR] +[\fB\-CAfile file\fR] +[\fB\-VAfile file\fR] +[\fB\-verify_certs file\fR] +[\fB\-noverify\fR] +[\fB\-trust_other\fR] +[\fB\-no_intern\fR] +[\fB\-no_sig_verify\fR] +[\fB\-no_cert_verify\fR] +[\fB\-no_chain\fR] +[\fB\-no_cert_checks\fR] +[\fB\-validity_period nsec\fR] +[\fB\-status_age nsec\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fB\s-1WARNING:\s0 this documentation is preliminary and subject to change.\fR +.PP +The Online Certificate Status Protocol (\s-1OCSP\s0) enables applications to +determine the (revocation) state of an identified certificate (\s-1RFC\s0 2560). +.PP +The \fBocsp\fR command performs many common \s-1OCSP\s0 tasks. It can be used +to print out requests and responses, create requests and send queries +to an \s-1OCSP\s0 responder and behave like a mini \s-1OCSP\s0 server itself. +.SH "OCSP CLIENT OPTIONS" +.IX Header "OCSP CLIENT OPTIONS" +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +specify output filename, default is standard output. +.Ip "\fB\-issuer filename\fR" 4 +.IX Item "-issuer filename" +This specifies the current issuer certificate. This option can be used +multiple times. The certificate specified in \fBfilename\fR must be in +\&\s-1PEM\s0 format. +.Ip "\fB\-cert filename\fR" 4 +.IX Item "-cert filename" +Add the certificate \fBfilename\fR to the request. The issuer certificate +is taken from the previous \fBissuer\fR option, or an error occurs if no +issuer certificate is specified. +.Ip "\fB\-serial num\fR" 4 +.IX Item "-serial num" +Same as the \fBcert\fR option except the certificate with serial number +\&\fBnum\fR is added to the request. The serial number is interpreted as a +decimal integer unless preceded by \fB0x\fR. Negative integers can also +be specified by preceding the value by a \fB-\fR sign. +.Ip "\fB\-signer filename\fR, \fB\-signkey filename\fR" 4 +.IX Item "-signer filename, -signkey filename" +Sign the \s-1OCSP\s0 request using the certificate specified in the \fBsigner\fR +option and the private key specified by the \fBsignkey\fR option. If +the \fBsignkey\fR option is not present then the private key is read +from the same file as the certificate. If neither option is specified then +the \s-1OCSP\s0 request is not signed. +.Ip "\fB\-nonce\fR, \fB\-no_nonce\fR" 4 +.IX Item "-nonce, -no_nonce" +Add an \s-1OCSP\s0 nonce extension to a request or disable \s-1OCSP\s0 nonce addition. +Normally if an \s-1OCSP\s0 request is input using the \fBrespin\fR option no +nonce is added: using the \fBnonce\fR option will force addition of a nonce. +If an \s-1OCSP\s0 request is being created (using \fBcert\fR and \fBserial\fR options) +a nonce is automatically added specifying \fBno_nonce\fR overrides this. +.Ip "\fB\-req_text\fR, \fB\-resp_text\fR, \fB\-text\fR" 4 +.IX Item "-req_text, -resp_text, -text" +print out the text form of the \s-1OCSP\s0 request, response or both respectively. +.Ip "\fB\-reqout file\fR, \fB\-respout file\fR" 4 +.IX Item "-reqout file, -respout file" +write out the \s-1DER\s0 encoded certificate request or response to \fBfile\fR. +.Ip "\fB\-reqin file\fR, \fB\-respin file\fR" 4 +.IX Item "-reqin file, -respin file" +read \s-1OCSP\s0 request or response file from \fBfile\fR. These option are ignored +if \s-1OCSP\s0 request or response creation is implied by other options (for example +with \fBserial\fR, \fBcert\fR and \fBhost\fR options). +.Ip "\fB\-url responder_url\fR" 4 +.IX Item "-url responder_url" +specify the responder \s-1URL\s0. Both \s-1HTTP\s0 and \s-1HTTPS\s0 (\s-1SSL/TLS\s0) URLs can be specified. +.Ip "\fB\-host hostname:port\fR, \fB\-path pathname\fR" 4 +.IX Item "-host hostname:port, -path pathname" +if the \fBhost\fR option is present then the \s-1OCSP\s0 request is sent to the host +\&\fBhostname\fR on port \fBport\fR. \fBpath\fR specifies the \s-1HTTP\s0 path name to use +or \*(L"/\*(R" by default. +.Ip "\fB\-CAfile file\fR, \fB\-CApath pathname\fR" 4 +.IX Item "-CAfile file, -CApath pathname" +file or pathname containing trusted \s-1CA\s0 certificates. These are used to verify +the signature on the \s-1OCSP\s0 response. +.Ip "\fB\-verify_certs file\fR" 4 +.IX Item "-verify_certs file" +file containing additional certificates to search when attempting to locate +the \s-1OCSP\s0 response signing certificate. Some responders omit the actual signer's +certificate from the response: this option can be used to supply the necessary +certificate in such cases. +.Ip "\fB\-trust_other\fR" 4 +.IX Item "-trust_other" +the certificates specified by the \fB\-verify_certs\fR option should be explicitly +trusted and no additional checks will be performed on them. This is useful +when the complete responder certificate chain is not available or trusting a +root \s-1CA\s0 is not appropriate. +.Ip "\fB\-VAfile file\fR" 4 +.IX Item "-VAfile file" +file containing explicitly trusted responder certificates. Equivalent to the +\&\fB\-verify_certs\fR and \fB\-trust_other\fR options. +.Ip "\fB\-noverify\fR" 4 +.IX Item "-noverify" +don't attempt to verify the \s-1OCSP\s0 response signature or the nonce values. This +option will normally only be used for debugging since it disables all verification +of the responders certificate. +.Ip "\fB\-no_intern\fR" 4 +.IX Item "-no_intern" +ignore certificates contained in the \s-1OCSP\s0 response when searching for the +signers certificate. With this option the signers certificate must be specified +with either the \fB\-verify_certs\fR or \fB\-VAfile\fR options. +.Ip "\fB\-no_sig_verify\fR" 4 +.IX Item "-no_sig_verify" +don't check the signature on the \s-1OCSP\s0 response. Since this option tolerates invalid +signatures on \s-1OCSP\s0 responses it will normally only be used for testing purposes. +.Ip "\fB\-no_cert_verify\fR" 4 +.IX Item "-no_cert_verify" +don't verify the \s-1OCSP\s0 response signers certificate at all. Since this option allows +the \s-1OCSP\s0 response to be signed by any certificate it should only be used for +testing purposes. +.Ip "\fB\-no_chain\fR" 4 +.IX Item "-no_chain" +do not use certificates in the response as additional untrusted \s-1CA\s0 +certificates. +.Ip "\fB\-no_cert_checks\fR" 4 +.IX Item "-no_cert_checks" +don't perform any additional checks on the \s-1OCSP\s0 response signers certificate. +That is do not make any checks to see if the signers certificate is authorised +to provide the necessary status information: as a result this option should +only be used for testing purposes. +.Ip "\fB\-validity_period nsec\fR, \fB\-status_age age\fR" 4 +.IX Item "-validity_period nsec, -status_age age" +these options specify the range of times, in seconds, which will be tolerated +in an \s-1OCSP\s0 response. Each certificate status response includes a \fBnotBefore\fR time and +an optional \fBnotAfter\fR time. The current time should fall between these two values, but +the interval between the two times may be only a few seconds. In practice the \s-1OCSP\s0 +responder and clients clocks may not be precisely synchronised and so such a check +may fail. To avoid this the \fB\-validity_period\fR option can be used to specify an +acceptable error range in seconds, the default value is 5 minutes. +.Sp +If the \fBnotAfter\fR time is omitted from a response then this means that new status +information is immediately available. In this case the age of the \fBnotBefore\fR field +is checked to see it is not older than \fBage\fR seconds old. By default this additional +check is not performed. +.SH "OCSP SERVER OPTIONS" +.IX Header "OCSP SERVER OPTIONS" +.Ip "\fB\-index indexfile\fR" 4 +.IX Item "-index indexfile" +\&\fBindexfile\fR is a text index file in \fBca\fR format containing certificate revocation +information. +.Sp +If the \fBindex\fR option is specified the \fBocsp\fR utility is in responder mode, otherwise +it is in client mode. The \fIrequest\fR\|(s) the responder processes can be either specified on +the command line (using \fBissuer\fR and \fBserial\fR options), supplied in a file (using the +\&\fBrespin\fR option) or via external \s-1OCSP\s0 clients (if \fBport\fR or \fBurl\fR is specified). +.Sp +If the \fBindex\fR option is present then the \fB\s-1CA\s0\fR and \fBrsigner\fR options must also be +present. +.Ip "\fB\-CA file\fR" 4 +.IX Item "-CA file" +\&\s-1CA\s0 certificate corresponding to the revocation information in \fBindexfile\fR. +.Ip "\fB\-rsigner file\fR" 4 +.IX Item "-rsigner file" +The certificate to sign \s-1OCSP\s0 responses with. +.Ip "\fB\-rother file\fR" 4 +.IX Item "-rother file" +Additional certificates to include in the \s-1OCSP\s0 response. +.Ip "\fB\-resp_no_certs\fR" 4 +.IX Item "-resp_no_certs" +Don't include any certificates in the \s-1OCSP\s0 response. +.Ip "\fB\-resp_key_id\fR" 4 +.IX Item "-resp_key_id" +Identify the signer certificate using the key \s-1ID\s0, default is to use the subject name. +.Ip "\fB\-rkey file\fR" 4 +.IX Item "-rkey file" +The private key to sign \s-1OCSP\s0 responses with: if not present the file specified in the +\&\fBrsigner\fR option is used. +.Ip "\fB\-port portnum\fR" 4 +.IX Item "-port portnum" +Port to listen for \s-1OCSP\s0 requests on. The port may also be specified using the \fBurl\fR +option. +.Ip "\fB\-nrequest number\fR" 4 +.IX Item "-nrequest number" +The \s-1OCSP\s0 server will exit after receiving \fBnumber\fR requests, default unlimited. +.Ip "\fB\-nmin minutes\fR, \fB\-ndays days\fR" 4 +.IX Item "-nmin minutes, -ndays days" +Number of minutes or days when fresh revocation information is available: used in the +\&\fBnextUpdate\fR field. If neither option is present then the \fBnextUpdate\fR field is +omitted meaning fresh revocation information is immediately available. +.SH "OCSP Response verification." +.IX Header "OCSP Response verification." +\&\s-1OCSP\s0 Response follows the rules specified in \s-1RFC2560\s0. +.PP +Initially the \s-1OCSP\s0 responder certificate is located and the signature on +the \s-1OCSP\s0 request checked using the responder certificate's public key. +.PP +Then a normal certificate verify is performed on the \s-1OCSP\s0 responder certificate +building up a certificate chain in the process. The locations of the trusted +certificates used to build the chain can be specified by the \fBCAfile\fR +and \fBCApath\fR options or they will be looked for in the standard OpenSSL +certificates directory. +.PP +If the initial verify fails then the \s-1OCSP\s0 verify process halts with an +error. +.PP +Otherwise the issuing \s-1CA\s0 certificate in the request is compared to the \s-1OCSP\s0 +responder certificate: if there is a match then the \s-1OCSP\s0 verify succeeds. +.PP +Otherwise the \s-1OCSP\s0 responder certificate's \s-1CA\s0 is checked against the issuing +\&\s-1CA\s0 certificate in the request. If there is a match and the OCSPSigning +extended key usage is present in the \s-1OCSP\s0 responder certificate then the +\&\s-1OCSP\s0 verify succeeds. +.PP +Otherwise the root \s-1CA\s0 of the \s-1OCSP\s0 responders \s-1CA\s0 is checked to see if it +is trusted for \s-1OCSP\s0 signing. If it is the \s-1OCSP\s0 verify succeeds. +.PP +If none of these checks is successful then the \s-1OCSP\s0 verify fails. +.PP +What this effectively means if that if the \s-1OCSP\s0 responder certificate is +authorised directly by the \s-1CA\s0 it is issuing revocation information about +(and it is correctly configured) then verification will succeed. +.PP +If the \s-1OCSP\s0 responder is a \*(L"global responder\*(R" which can give details about +multiple CAs and has its own separate certificate chain then its root +\&\s-1CA\s0 can be trusted for \s-1OCSP\s0 signing. For example: +.PP +.Vb 1 +\& openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem +.Ve +Alternatively the responder certificate itself can be explicitly trusted +with the \fB\-VAfile\fR option. +.SH "NOTES" +.IX Header "NOTES" +As noted, most of the verify options are for testing or debugging purposes. +Normally only the \fB\-CApath\fR, \fB\-CAfile\fR and (if the responder is a 'global +\&\s-1VA\s0') \fB\-VAfile\fR options need to be used. +.PP +The \s-1OCSP\s0 server is only useful for test and demonstration purposes: it is +not really usable as a full \s-1OCSP\s0 responder. It contains only a very +simple \s-1HTTP\s0 request handling and can only handle the \s-1POST\s0 form of \s-1OCSP\s0 +queries. It also handles requests serially meaning it cannot respond to +new requests until it has processed the current one. The text index file +format of revocation is also inefficient for large quantities of revocation +data. +.PP +It is possible to run the \fBocsp\fR application in responder mode via a \s-1CGI\s0 +script using the \fBrespin\fR and \fBrespout\fR options. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create an \s-1OCSP\s0 request and write it to a file: +.PP +.Vb 1 +\& openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der +.Ve +Send a query to an \s-1OCSP\s0 responder with \s-1URL\s0 http://ocsp.myhost.com/ save the +response to a file and print it out in text form +.PP +.Vb 2 +\& openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e +\& -url http://ocsp.myhost.com/ -resp_text -respout resp.der +.Ve +Read in an \s-1OCSP\s0 response and print out text form: +.PP +.Vb 1 +\& openssl ocsp -respin resp.der -text +.Ve +\&\s-1OCSP\s0 server on port 8888 using a standard \fBca\fR configuration, and a separate +responder certificate. All requests and responses are printed to a file. +.PP +.Vb 2 +\& openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem +\& -text -out log.txt +.Ve +As above but exit after processing one request: +.PP +.Vb 2 +\& openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem +\& -nrequest 1 +.Ve +Query status information using internally generated request: +.PP +.Vb 2 +\& openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem +\& -issuer demoCA/cacert.pem -serial 1 +.Ve +Query status information using request read from a file, write response to a +second file. +.PP +.Vb 2 +\& openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem +\& -reqin req.der -respout resp.der +.Ve diff --git a/secure/lib/libcrypto/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1 index 7511cb1..c88e763 100644 --- a/secure/lib/libcrypto/man/openssl.1 +++ b/secure/usr.bin/openssl/man/openssl.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:48 2002 +.\" Sun Jan 12 18:05:15 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "OPENSSL 1" -.TH OPENSSL 1 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "openssl 3" +.TH openssl 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" openssl \- OpenSSL command line tool @@ -240,6 +240,9 @@ Generation of \s-1DSA\s0 Parameters. .Ip "\fBgenrsa\fR" 10 .IX Item "genrsa" Generation of \s-1RSA\s0 Parameters. +.Ip "\fBocsp\fR" 10 +.IX Item "ocsp" +Online Certificate Status Protocol utility. .Ip "\fBpasswd\fR" 10 .IX Item "passwd" Generation of hashed passwords. diff --git a/secure/lib/libcrypto/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1 index 1274f17..67e5dee 100644 --- a/secure/lib/libcrypto/man/passwd.1 +++ b/secure/usr.bin/openssl/man/passwd.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:49 2002 +.\" Sun Jan 12 18:05:16 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "PASSWD 1" -.TH PASSWD 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "passwd 3" +.TH passwd 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" passwd \- compute password hashes @@ -151,6 +151,7 @@ passwd \- compute password hashes [\fB\-salt\fR \fIstring\fR] [\fB\-in\fR \fIfile\fR] [\fB\-stdin\fR] +[\fB\-noverify\fR] [\fB\-quiet\fR] [\fB\-table\fR] {\fIpassword\fR} @@ -159,7 +160,7 @@ passwd \- compute password hashes The \fBpasswd\fR command computes the hash of a password typed at run-time or the hash of each password in a list. The password list is taken from the named file for option \fB\-in file\fR, from stdin for -option \fB\-stdin\fR, and from the command line otherwise. +option \fB\-stdin\fR, or from the command line, or from the terminal otherwise. The Unix standard algorithm \fBcrypt\fR and the MD5\-based \s-1BSD\s0 password algorithm \fB1\fR and its Apache variant \fBapr1\fR are available. .SH "OPTIONS" @@ -176,12 +177,16 @@ Use the \fBapr1\fR algorithm (Apache variant of the \s-1BSD\s0 algorithm). .Ip "\fB\-salt\fR \fIstring\fR" 4 .IX Item "-salt string" Use the specified salt. +When reading a password from the terminal, this implies \fB\-noverify\fR. .Ip "\fB\-in\fR \fIfile\fR" 4 .IX Item "-in file" Read passwords from \fIfile\fR. .Ip "\fB\-stdin\fR" 4 .IX Item "-stdin" Read passwords from \fBstdin\fR. +.Ip "\fB\-noverify\fR" 4 +.IX Item "-noverify" +Don't verify when reading a password from the terminal. .Ip "\fB\-quiet\fR" 4 .IX Item "-quiet" Don't output warnings when passwords given at the command line are truncated. @@ -193,6 +198,6 @@ to each password hash. .IX Header "EXAMPLES" \&\fBopenssl passwd \-crypt \-salt xx password\fR prints \fBxxj31ZMTZzkVA\fR. .PP -\&\fBopenssl passwd \-1 \-salt xxxxxxxx password\fR prints \fB$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1\fR. +\&\fBopenssl passwd \-1 \-salt xxxxxxxx password\fR prints \fB$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.\fR. .PP \&\fBopenssl passwd \-apr1 \-salt xxxxxxxx password\fR prints \fB$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0\fR. diff --git a/secure/lib/libcrypto/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index 4c5b81f..89e23c5 100644 --- a/secure/lib/libcrypto/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:50 2002 +.\" Sun Jan 12 18:05:17 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "PKCS12 1" -.TH PKCS12 1 "0.9.6e" "2001-05-19" "OpenSSL" +.IX Title "pkcs12 3" +.TH pkcs12 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" pkcs12 \- PKCS#12 file utility @@ -356,7 +356,7 @@ the one corresponding to the private key. Certain software which requires a private key and certificate and assumes the first certificate in the file is the one corresponding to the private key: this may not always be the case. Using the \fB\-clcerts\fR option will solve this problem by only -outputing the certificate corresponding to the private key. If the \s-1CA\s0 +outputting the certificate corresponding to the private key. If the \s-1CA\s0 certificates are required then they can be output to a separate file using the \fB\-nokeys \-cacerts\fR options to just output \s-1CA\s0 certificates. .PP diff --git a/secure/lib/libcrypto/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1 index e7a89ad..539985d 100644 --- a/secure/lib/libcrypto/man/pkcs7.1 +++ b/secure/usr.bin/openssl/man/pkcs7.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:50 2002 +.\" Sun Jan 12 18:05:19 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "PKCS7 1" -.TH PKCS7 1 "0.9.6e" "2000-04-13" "OpenSSL" +.IX Title "pkcs7 3" +.TH pkcs7 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" pkcs7 \- PKCS#7 utility @@ -206,7 +206,7 @@ The \s-1PEM\s0 PKCS#7 format uses the header and footer lines: \& -----BEGIN PKCS7----- \& -----END PKCS7----- .Ve -For compatability with some CAs it will also accept: +For compatibility with some CAs it will also accept: .PP .Vb 2 \& -----BEGIN CERTIFICATE----- diff --git a/secure/lib/libcrypto/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1 index 110df1a..ff9883a 100644 --- a/secure/lib/libcrypto/man/pkcs8.1 +++ b/secure/usr.bin/openssl/man/pkcs8.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:51 2002 +.\" Sun Jan 12 18:05:20 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "PKCS8 1" -.TH PKCS8 1 "0.9.6e" "2000-04-13" "OpenSSL" +.IX Title "pkcs8 3" +.TH pkcs8 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" pkcs8 \- PKCS#8 format private key conversion tool diff --git a/secure/lib/libcrypto/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index b9f16e5..37c5c07 100644 --- a/secure/lib/libcrypto/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:52 2002 +.\" Sun Jan 12 18:05:21 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "RAND 1" -.TH RAND 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "rand 3" +.TH rand 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" rand \- generate pseudo-random bytes @@ -152,7 +152,7 @@ rand \- generate pseudo-random bytes .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBrand\fR command outputs \fInum\fR pseudo-random bytes after seeding -the random number generater once. As in other \fBopenssl\fR command +the random number generator once. As in other \fBopenssl\fR command line tools, \s-1PRNG\s0 seeding uses the file \fI$HOME/\fR\fB.rnd\fR or \fB.rnd\fR in addition to the files given in the \fB\-rand\fR option. A new \&\fI$HOME\fR/\fB.rnd\fR or \fB.rnd\fR file will be written back if enough diff --git a/secure/lib/libcrypto/man/req.1 b/secure/usr.bin/openssl/man/req.1 index 9915eea..1ae330e 100644 --- a/secure/lib/libcrypto/man/req.1 +++ b/secure/usr.bin/openssl/man/req.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:52 2002 +.\" Sun Jan 12 18:05:22 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,11 +137,11 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "REQ 1" -.TH REQ 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "req 3" +.TH req 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" -req \- PKCS#10 certificate and certificate generating utility. +req \- PKCS#10 certificate request and certificate generating utility. .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBreq\fR @@ -152,6 +152,7 @@ req \- PKCS#10 certificate and certificate generating utility. [\fB\-out filename\fR] [\fB\-passout arg\fR] [\fB\-text\fR] +[\fB\-pubkey\fR] [\fB\-noout\fR] [\fB\-verify\fR] [\fB\-modulus\fR] @@ -165,12 +166,18 @@ req \- PKCS#10 certificate and certificate generating utility. [\fB\-keyout filename\fR] [\fB\-[md5|sha1|md2|mdc2]\fR] [\fB\-config filename\fR] +[\fB\-subj arg\fR] [\fB\-x509\fR] [\fB\-days n\fR] +[\fB\-set_serial n\fR] [\fB\-asn1\-kludge\fR] [\fB\-newhdr\fR] [\fB\-extensions section\fR] [\fB\-reqexts section\fR] +[\fB\-utf8\fR] +[\fB\-nameopt\fR] +[\fB\-batch\fR] +[\fB\-verbose\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBreq\fR command primarily creates and processes certificate requests @@ -208,6 +215,9 @@ see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). .Ip "\fB\-text\fR" 4 .IX Item "-text" prints out the certificate request in text form. +.Ip "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +outputs the public key. .Ip "\fB\-noout\fR" 4 .IX Item "-noout" this option prevents output of the encoded version of the request. @@ -268,16 +278,29 @@ This option is ignored for \s-1DSA\s0 requests: they always use \s-1SHA1\s0. this allows an alternative configuration file to be specified, this overrides the compile time filename or any specified in the \fB\s-1OPENSSL_CONF\s0\fR environment variable. +.Ip "\fB\-subj arg\fR" 4 +.IX Item "-subj arg" +sets subject name for new request or supersedes the subject name +when processing a request. +The arg must be formatted as \fI/type0=value0/type1=value1/type2=...\fR, +characters may be escaped by \e (backslash), no spaces are skipped. .Ip "\fB\-x509\fR" 4 .IX Item "-x509" this option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self signed root \s-1CA\s0. The extensions added to the certificate -(if any) are specified in the configuration file. +(if any) are specified in the configuration file. Unless specified +using the \fBset_serial\fR option \fB0\fR will be used for the serial +number. .Ip "\fB\-days n\fR" 4 .IX Item "-days n" when the \fB\-x509\fR option is being used this specifies the number of days to certify the certificate for. The default is 30 days. +.Ip "\fB\-set_serial n\fR" 4 +.IX Item "-set_serial n" +serial number to use when outputting a self signed certificate. This +may be specified as a decimal value or a hex value if preceded by \fB0x\fR. +It is possible to use negative serial numbers but this is not recommended. .Ip "\fB\-extensions section\fR" 4 .IX Item "-extensions section" .PD 0 @@ -289,6 +312,18 @@ extensions (if the \fB\-x509\fR option is present) or certificate request extensions. This allows several different sections to be used in the same configuration file to specify requests for a variety of purposes. +.Ip "\fB\-utf8\fR" 4 +.IX Item "-utf8" +this option causes field values to be interpreted as \s-1UTF8\s0 strings, by +default they are interpreted as \s-1ASCII\s0. This means that the field +values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. +.Ip "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +option which determines how the subject or issuer names are displayed. The +\&\fBoption\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the x509(1) manual page for details. .Ip "\fB\-asn1\-kludge\fR" 4 .IX Item "-asn1-kludge" by default the \fBreq\fR command outputs certificate requests containing @@ -307,6 +342,12 @@ It should be noted that very few CAs still require the use of this option. .IX Item "-newhdr" Adds the word \fB\s-1NEW\s0\fR to the \s-1PEM\s0 file header and footer lines on the outputed request. Some software (Netscape certificate server) and some CAs need this. +.Ip "\fB\-batch\fR" 4 +.IX Item "-batch" +non-interactive mode. +.Ip "\fB\-verbose\fR" 4 +.IX Item "-verbose" +print extra details about the operations being performed. .SH "CONFIGURATION FILE FORMAT" .IX Header "CONFIGURATION FILE FORMAT" The configuration options are specified in the \fBreq\fR section of @@ -386,6 +427,12 @@ is used. It can be overridden by the \fB\-extensions\fR command line switch. if set to the value \fBno\fR this disables prompting of certificate fields and just takes values from the config file directly. It also changes the expected format of the \fBdistinguished_name\fR and \fBattributes\fR sections. +.Ip "\fButf8\fR" 4 +.IX Item "utf8" +if set to the value \fByes\fR then field values to be interpreted as \s-1UTF8\s0 +strings, by default they are interpreted as \s-1ASCII\s0. This means that +the field values, whether prompted from a terminal or obtained from a +configuration file, must be valid \s-1UTF8\s0 strings. .Ip "\fBattributes\fR" 4 .IX Item "attributes" this specifies the section containing any request attributes: its format @@ -566,14 +613,14 @@ Sample configuration containing all field values: The header and footer lines in the \fB\s-1PEM\s0\fR format are normally: .PP .Vb 2 -\& -----BEGIN CERTIFICATE REQUEST---- -\& -----END CERTIFICATE REQUEST---- +\& -----BEGIN CERTIFICATE REQUEST----- +\& -----END CERTIFICATE REQUEST----- .Ve some software (some versions of Netscape certificate server) instead needs: .PP .Vb 2 -\& -----BEGIN NEW CERTIFICATE REQUEST---- -\& -----END NEW CERTIFICATE REQUEST---- +\& -----BEGIN NEW CERTIFICATE REQUEST----- +\& -----END NEW CERTIFICATE REQUEST----- .Ve which is produced with the \fB\-newhdr\fR option but is otherwise compatible. Either form is accepted transparently on input. diff --git a/secure/lib/libcrypto/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index 560c144..ea57b93 100644 --- a/secure/lib/libcrypto/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:53 2002 +.\" Sun Jan 12 18:05:23 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "RSA 1" -.TH RSA 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "rsa 3" +.TH rsa 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" rsa \- \s-1RSA\s0 key processing tool @@ -255,7 +255,7 @@ and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encry It is not very secure and so should only be used when necessary. .PP Some newer version of \s-1IIS\s0 have additional data in the exported .key -files. To use thse with the utility view the file with a binary editor +files. To use these with the utility, view the file with a binary editor and look for the string \*(L"private-key\*(R", then trace back to the byte sequence 0x30, 0x82 (this is an \s-1ASN1\s0 \s-1SEQUENCE\s0). Copy all the data from this point onwards to another file and use that as the input diff --git a/secure/lib/libcrypto/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1 index 62b7552..67e3f3e 100644 --- a/secure/lib/libcrypto/man/rsautl.1 +++ b/secure/usr.bin/openssl/man/rsautl.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:54 2002 +.\" Sun Jan 12 18:05:25 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "RSAUTL 1" -.TH RSAUTL 1 "0.9.6e" "2001-07-19" "OpenSSL" +.IX Title "rsautl 3" +.TH rsautl 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" rsautl \- \s-1RSA\s0 utility diff --git a/secure/lib/libcrypto/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1 index e7c3665..c0c0d0b 100644 --- a/secure/lib/libcrypto/man/s_client.1 +++ b/secure/usr.bin/openssl/man/s_client.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:54 2002 +.\" Sun Jan 12 18:05:26 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "0.9.6e" "2001-05-19" "OpenSSL" +.IX Title "s_client 3" +.TH s_client 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" s_client \- \s-1SSL/TLS\s0 client program @@ -155,6 +155,7 @@ s_client \- \s-1SSL/TLS\s0 client program [\fB\-pause\fR] [\fB\-showcerts\fR] [\fB\-debug\fR] +[\fB\-msg\fR] [\fB\-nbio_test\fR] [\fB\-state\fR] [\fB\-nbio\fR] @@ -169,6 +170,7 @@ s_client \- \s-1SSL/TLS\s0 client program [\fB\-no_tls1\fR] [\fB\-bugs\fR] [\fB\-cipher cipherlist\fR] +[\fB\-engine id\fR] [\fB\-rand \f(BIfile\fB\|(s)\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -232,6 +234,9 @@ prints out the \s-1SSL\s0 session states. .Ip "\fB\-debug\fR" 4 .IX Item "-debug" print extensive debugging information including a hex dump of all traffic. +.Ip "\fB\-msg\fR" 4 +.IX Item "-msg" +show all protocol messages with hex dump. .Ip "\fB\-nbio_test\fR" 4 .IX Item "-nbio_test" tests non-blocking I/O @@ -248,7 +253,7 @@ inhibit shutting down the connection when end of file is reached in the input. .Ip "\fB\-quiet\fR" 4 .IX Item "-quiet" -inhibit printing of session and certificate information. This implicitely +inhibit printing of session and certificate information. This implicitly turns on \fB\-ign_eof\fR as well. .Ip "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR" 4 .IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1" @@ -270,6 +275,12 @@ this allows the cipher list sent by the client to be modified. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See the \fBciphers\fR command for more information. +.Ip "\fB\-engine id\fR" 4 +.IX Item "-engine id" +specifying an engine (by it's unique \fBid\fR string) will cause \fBs_client\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. .Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 .IX Item "-rand file" a file or files containing random data used to seed the random number @@ -282,7 +293,7 @@ all others. If a connection is established with an \s-1SSL\s0 server then any data received from the server is displayed and any key presses will be sent to the server. When used interactively (which means neither \fB\-quiet\fR nor \fB\-ign_eof\fR -have been given), the session will be renegociated if the line begins with an +have been given), the session will be renegotiated if the line begins with an \&\fBR\fR, and if the line begins with a \fBQ\fR or if end of file is reached, the connection will be closed down. .SH "NOTES" diff --git a/secure/lib/libcrypto/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index a021746..e2fd3e7 100644 --- a/secure/lib/libcrypto/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:55 2002 +.\" Sun Jan 12 18:05:27 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "S_SERVER 1" -.TH S_SERVER 1 "0.9.6e" "2001-07-19" "OpenSSL" +.IX Title "s_server 3" +.TH s_server 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" s_server \- \s-1SSL/TLS\s0 server program @@ -158,6 +158,7 @@ s_server \- \s-1SSL/TLS\s0 server program [\fB\-nbio_test\fR] [\fB\-crlf\fR] [\fB\-debug\fR] +[\fB\-msg\fR] [\fB\-state\fR] [\fB\-CApath directory\fR] [\fB\-CAfile filename\fR] @@ -176,6 +177,8 @@ s_server \- \s-1SSL/TLS\s0 server program [\fB\-hack\fR] [\fB\-www\fR] [\fB\-WWW\fR] +[\fB\-HTTP\fR] +[\fB\-engine id\fR] [\fB\-rand \f(BIfile\fB\|(s)\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -253,6 +256,9 @@ prints out the \s-1SSL\s0 session states. .Ip "\fB\-debug\fR" 4 .IX Item "-debug" print extensive debugging information including a hex dump of all traffic. +.Ip "\fB\-msg\fR" 4 +.IX Item "-msg" +show all protocol messages with hex dump. .Ip "\fB\-nbio_test\fR" 4 .IX Item "-nbio_test" tests non blocking I/O @@ -296,6 +302,19 @@ web browser. emulates a simple web server. Pages will be resolved relative to the current directory, for example if the \s-1URL\s0 https://myhost/page.html is requested the file ./page.html will be loaded. +.Ip "\fB\-HTTP\fR" 4 +.IX Item "-HTTP" +emulates a simple web server. Pages will be resolved relative to the +current directory, for example if the \s-1URL\s0 https://myhost/page.html is +requested the file ./page.html will be loaded. The files loaded are +assumed to contain a complete and correct \s-1HTTP\s0 response (lines that +are part of the \s-1HTTP\s0 response line and headers must end with \s-1CRLF\s0). +.Ip "\fB\-engine id\fR" 4 +.IX Item "-engine id" +specifying an engine (by it's unique \fBid\fR string) will cause \fBs_server\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. .Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 .IX Item "-rand file" a file or files containing random data used to seed the random number diff --git a/secure/lib/libcrypto/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1 index 9a9c557..9a42c14 100644 --- a/secure/lib/libcrypto/man/sess_id.1 +++ b/secure/usr.bin/openssl/man/sess_id.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:56 2002 +.\" Sun Jan 12 18:05:28 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SESS_ID 1" -.TH SESS_ID 1 "0.9.6e" "2000-04-13" "OpenSSL" +.IX Title "sess_id 3" +.TH sess_id 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" sess_id \- \s-1SSL/TLS\s0 session handling utility diff --git a/secure/lib/libcrypto/man/smime.1 b/secure/usr.bin/openssl/man/smime.1 index a04e835..1934b8c 100644 --- a/secure/lib/libcrypto/man/smime.1 +++ b/secure/usr.bin/openssl/man/smime.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:57 2002 +.\" Sun Jan 12 18:05:29 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SMIME 1" -.TH SMIME 1 "0.9.6e" "2002-07-30" "OpenSSL" +.IX Title "smime 3" +.TH smime 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" smime \- S/MIME utility @@ -438,8 +438,8 @@ signature by line wrapping the base64 encoded structure and surrounding it with: .PP .Vb 2 -\& -----BEGIN PKCS7---- -\& -----END PKCS7---- +\& -----BEGIN PKCS7----- +\& -----END PKCS7----- .Ve and using the command, .PP diff --git a/secure/lib/libcrypto/man/speed.1 b/secure/usr.bin/openssl/man/speed.1 index a0483b8..db174ab 100644 --- a/secure/lib/libcrypto/man/speed.1 +++ b/secure/usr.bin/openssl/man/speed.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:57 2002 +.\" Sun Jan 12 18:05:31 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,14 +137,15 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SPEED 1" -.TH SPEED 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "speed 3" +.TH speed 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" speed \- test library performance .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBopenssl speed\fR +[\fB\-engine id\fR] [\fBmd2\fR] [\fBmdc2\fR] [\fBmd5\fR] @@ -175,5 +176,13 @@ speed \- test library performance This command is used to test the performance of cryptographic algorithms. .SH "OPTIONS" .IX Header "OPTIONS" +.Ip "\fB\-engine id\fR" 4 +.IX Item "-engine id" +specifying an engine (by it's unique \fBid\fR string) will cause \fBspeed\fR +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. +.Ip "\fB[zero or more test algorithms]\fR" 4 +.IX Item "[zero or more test algorithms]" If any options are given, \fBspeed\fR tests those algorithms, otherwise all of the above are tested. diff --git a/secure/lib/libcrypto/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1 index 2a7df5a..96a7211 100644 --- a/secure/lib/libcrypto/man/spkac.1 +++ b/secure/usr.bin/openssl/man/spkac.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:58 2002 +.\" Sun Jan 12 18:05:32 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "SPKAC 1" -.TH SPKAC 1 "0.9.6e" "2000-04-13" "OpenSSL" +.IX Title "spkac 3" +.TH spkac 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" spkac \- \s-1SPKAC\s0 printing and generating utility diff --git a/secure/lib/libcrypto/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index 190105c..f9b7d6a 100644 --- a/secure/lib/libcrypto/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:59 2002 +.\" Sun Jan 12 18:05:33 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "VERIFY 1" -.TH VERIFY 1 "0.9.6e" "2002-01-26" "OpenSSL" +.IX Title "verify 3" +.TH verify 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" verify \- Utility to verify certificates. diff --git a/secure/lib/libcrypto/man/version.1 b/secure/usr.bin/openssl/man/version.1 index 9d2112d..6337fe9 100644 --- a/secure/lib/libcrypto/man/version.1 +++ b/secure/usr.bin/openssl/man/version.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:20:59 2002 +.\" Sun Jan 12 18:05:34 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "VERSION 1" -.TH VERSION 1 "0.9.6e" "2000-04-13" "OpenSSL" +.IX Title "version 3" +.TH version 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" version \- print OpenSSL version information @@ -174,7 +174,13 @@ compilation flags. .Ip "\fB\-p\fR" 4 .IX Item "-p" platform setting. +.Ip "\fB\-d\fR" 4 +.IX Item "-d" +\&\s-1OPENSSLDIR\s0 setting. .SH "NOTES" .IX Header "NOTES" The output of \fBopenssl version \-a\fR would typically be used when sending in a bug report. +.SH "HISTORY" +.IX Header "HISTORY" +The \fB\-d\fR option was added in OpenSSL 0.9.7. diff --git a/secure/lib/libcrypto/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index 4b76ee1..d1530c5 100644 --- a/secure/lib/libcrypto/man/x509.1 +++ b/secure/usr.bin/openssl/man/x509.1 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Tue Jul 30 09:21:00 2002 +.\" Sun Jan 12 18:05:35 2003 .\" .\" Standard preamble: .\" ====================================================================== @@ -137,8 +137,8 @@ .rm #[ #] #H #V #F C .\" ====================================================================== .\" -.IX Title "X509 1" -.TH X509 1 "0.9.6e" "2000-11-12" "OpenSSL" +.IX Title "x509 3" +.TH x509 3 "0.9.7" "2003-01-12" "OpenSSL" .UC .SH "NAME" x509 \- Certificate display and signing utility @@ -173,6 +173,7 @@ x509 \- Certificate display and signing utility [\fB\-addreject arg\fR] [\fB\-setalias arg\fR] [\fB\-days arg\fR] +[\fB\-set_serial n\fR] [\fB\-signkey filename\fR] [\fB\-x509toreq\fR] [\fB\-req\fR] @@ -195,8 +196,10 @@ certificate trust settings. .PP Since there are a large number of options they will split up into various sections. -.SH "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS" -.IX Header "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS" +.SH "OPTIONS" +.IX Header "OPTIONS" +.Sh "\s-1INPUT\s0, \s-1OUTPUT\s0 \s-1AND\s0 \s-1GENERAL\s0 \s-1PURPOSE\s0 \s-1OPTIONS\s0" +.IX Subsection "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS" .Ip "\fB\-inform DER|PEM|NET\fR" 4 .IX Item "-inform DER|PEM|NET" This specifies the input format normally the command will expect an X509 @@ -223,15 +226,21 @@ the digest to use. This affects any signing or display option that uses a messag digest, such as the \fB\-fingerprint\fR, \fB\-signkey\fR and \fB\-CA\fR options. If not specified then \s-1MD5\s0 is used. If the key being used to sign with is a \s-1DSA\s0 key then this option has no effect: \s-1SHA1\s0 is always used with \s-1DSA\s0 keys. -.SH "DISPLAY OPTIONS" -.IX Header "DISPLAY OPTIONS" +.Sh "\s-1DISPLAY\s0 \s-1OPTIONS\s0" +.IX Subsection "DISPLAY OPTIONS" Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options -but are described in the \fB\s-1TRUST\s0 \s-1OPTIONS\s0\fR section. +but are described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR section. .Ip "\fB\-text\fR" 4 .IX Item "-text" prints out the certificate in text form. Full details are output including the public key, signature algorithms, issuer and subject names, serial number any extensions present and any trust settings. +.Ip "\fB\-certopt option\fR" 4 +.IX Item "-certopt option" +customise the output format used with \fB\-text\fR. The \fBoption\fR argument can be +a single option or multiple options separated by commas. The \fB\-certopt\fR switch +may be also be used more than once to set multiple options. See the \fB\s-1TEXT\s0 \s-1OPTIONS\s0\fR +section for more information. .Ip "\fB\-noout\fR" 4 .IX Item "-noout" this option prevents output of the encoded version of the request. @@ -255,9 +264,10 @@ outputs the subject name. outputs the issuer name. .Ip "\fB\-nameopt option\fR" 4 .IX Item "-nameopt option" -option which determine how the subject or issuer names are displayed. This -option may be used more than once to set multiple options. See the \fB\s-1NAME\s0 -\&\s-1OPTIONS\s0\fR section for more information. +option which determines how the subject or issuer names are displayed. The +\&\fBoption\fR argument can be a single option or multiple options separated by +commas. Alternatively the \fB\-nameopt\fR switch may be used more than once to +set multiple options. See the \fB\s-1NAME\s0 \s-1OPTIONS\s0\fR section for more information. .Ip "\fB\-email\fR" 4 .IX Item "-email" outputs the email address(es) if any. @@ -272,12 +282,13 @@ prints out the expiry date of the certificate, that is the notAfter date. prints out the start and expiry dates of a certificate. .Ip "\fB\-fingerprint\fR" 4 .IX Item "-fingerprint" -prints out the digest of the \s-1DER\s0 encoded version of the whole certificate. +prints out the digest of the \s-1DER\s0 encoded version of the whole certificate +(see digest options). .Ip "\fB\-C\fR" 4 .IX Item "-C" this outputs the certificate in the form of a C source file. -.SH "TRUST SETTINGS" -.IX Header "TRUST SETTINGS" +.Sh "\s-1TRUST\s0 \s-1SETTINGS\s0" +.IX Subsection "TRUST SETTINGS" Please note these options are currently experimental and may well change. .PP A \fBtrusted certificate\fR is an ordinary certificate which has several @@ -333,8 +344,8 @@ option. this option performs tests on the certificate extensions and outputs the results. For a more complete description see the \fB\s-1CERTIFICATE\s0 \&\s-1EXTENSIONS\s0\fR section. -.SH "SIGNING OPTIONS" -.IX Header "SIGNING OPTIONS" +.Sh "\s-1SIGNING\s0 \s-1OPTIONS\s0" +.IX Subsection "SIGNING OPTIONS" The \fBx509\fR utility can be used to sign certificates and requests: it can thus behave like a \*(L"mini \s-1CA\s0\*(R". .Ip "\fB\-signkey filename\fR" 4 @@ -374,6 +385,15 @@ is used to pass the required private key. .IX Item "-req" by default a certificate is expected on input. With this option a certificate request is expected instead. +.Ip "\fB\-set_serial n\fR" 4 +.IX Item "-set_serial n" +specifies the serial number to use. This option can be used with either +the \fB\-signkey\fR or \fB\-CA\fR options. If used in conjunction with the \fB\-CA\fR +option the serial number file (as specified by the \fB\-CAserial\fR or +\&\fB\-CAcreateserial\fR options) is not used. +.Sp +The serial number can be decimal or hex (if preceded by \fB0x\fR). Negative +serial numbers can also be specified but their use is not recommended. .Ip "\fB\-CA filename\fR" 4 .IX Item "-CA filename" specifies the \s-1CA\s0 certificate to be used for signing. When this option is @@ -400,8 +420,8 @@ use the serial number is incremented and written out to the file again. The default filename consists of the \s-1CA\s0 certificate file base name with \&\*(L".srl\*(R" appended. For example if the \s-1CA\s0 certificate file is called \&\*(L"mycacert.pem\*(R" it expects to find a serial number file called \*(L"mycacert.srl\*(R". -.Ip "\fB\-CAcreateserial filename\fR" 4 -.IX Item "-CAcreateserial filename" +.Ip "\fB\-CAcreateserial\fR" 4 +.IX Item "-CAcreateserial" with this option the \s-1CA\s0 serial number file is created if it does not exist: it will contain the serial number \*(L"02\*(R" and the certificate being signed will have the 1 as its serial number. Normally if the \fB\-CA\fR option is specified @@ -416,8 +436,8 @@ the section to add certificate extensions from. If this option is not specified then the extensions should either be contained in the unnamed (default) section or the default section should contain a variable called \&\*(L"extensions\*(R" which contains the section to use. -.SH "NAME OPTIONS" -.IX Header "NAME OPTIONS" +.Sh "\s-1NAME\s0 \s-1OPTIONS\s0" +.IX Subsection "NAME OPTIONS" The \fBnameopt\fR command line switch determines how the subject and issuer names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R" format is used which is compatible with previous versions of OpenSSL. @@ -440,11 +460,11 @@ options. .Ip "\fBmultiline\fR" 4 .IX Item "multiline" a multiline format. It is equivalent \fBesc_ctrl\fR, \fBesc_msb\fR, \fBsep_multiline\fR, -\&\fBspc_eq\fR and \fBlname\fR. +\&\fBspc_eq\fR, \fBlname\fR and \fBalign\fR. .Ip "\fBesc_2253\fR" 4 .IX Item "esc_2253" escape the \*(L"special\*(R" characters required by \s-1RFC2253\s0 in a field That is -\&\fB,+"<>;\fR. Additionally \fB#\fR is escaped at the beginnging of a string +\&\fB,+"<>;\fR. Additionally \fB#\fR is escaped at the beginning of a string and a space character at the beginning or end of a string. .Ip "\fBesc_ctrl\fR" 4 .IX Item "esc_ctrl" @@ -490,7 +510,7 @@ content octets will be displayed. Both options use the \s-1RFC2253\s0 .IX Item "dump_nostr" dump non character string types (for example \s-1OCTET\s0 \s-1STRING\s0) if this option is not set then non character string types will be displayed -as though each content octet repesents a single character. +as though each content octet represents a single character. .Ip "\fBdump_all\fR" 4 .IX Item "dump_all" dump all fields. This option when used with \fBdump_der\fR allows the @@ -519,10 +539,71 @@ not display the field at all. \fBsname\fR uses the \*(L"short name\*(R" form (\s-1CN\s0 for commonName for example). \fBlname\fR uses the long form. \&\fBoid\fR represents the \s-1OID\s0 in numerical form and is useful for diagnostic purpose. +.Ip "\fBalign\fR" 4 +.IX Item "align" +align field values for a more readable output. Only usable with +\&\fBsep_multiline\fR. .Ip "\fBspc_eq\fR" 4 .IX Item "spc_eq" places spaces round the \fB=\fR character which follows the field name. +.Sh "\s-1TEXT\s0 \s-1OPTIONS\s0" +.IX Subsection "TEXT OPTIONS" +As well as customising the name output format, it is also possible to +customise the actual fields printed using the \fBcertopt\fR options when +the \fBtext\fR option is present. The default behaviour is to print all fields. +.Ip "\fBcompatible\fR" 4 +.IX Item "compatible" +use the old format. This is equivalent to specifying no output options at all. +.Ip "\fBno_header\fR" 4 +.IX Item "no_header" +don't print header information: that is the lines saying \*(L"Certificate\*(R" and \*(L"Data\*(R". +.Ip "\fBno_version\fR" 4 +.IX Item "no_version" +don't print out the version number. +.Ip "\fBno_serial\fR" 4 +.IX Item "no_serial" +don't print out the serial number. +.Ip "\fBno_signame\fR" 4 +.IX Item "no_signame" +don't print out the signature algorithm used. +.Ip "\fBno_validity\fR" 4 +.IX Item "no_validity" +don't print the validity, that is the \fBnotBefore\fR and \fBnotAfter\fR fields. +.Ip "\fBno_subject\fR" 4 +.IX Item "no_subject" +don't print out the subject name. +.Ip "\fBno_issuer\fR" 4 +.IX Item "no_issuer" +don't print out the issuer name. +.Ip "\fBno_pubkey\fR" 4 +.IX Item "no_pubkey" +don't print out the public key. +.Ip "\fBno_sigdump\fR" 4 +.IX Item "no_sigdump" +don't give a hexadecimal dump of the certificate signature. +.Ip "\fBno_aux\fR" 4 +.IX Item "no_aux" +don't print out certificate trust information. +.Ip "\fBno_extensions\fR" 4 +.IX Item "no_extensions" +don't print out any X509V3 extensions. +.Ip "\fBext_default\fR" 4 +.IX Item "ext_default" +retain default extension behaviour: attempt to print out unsupported certificate extensions. +.Ip "\fBext_error\fR" 4 +.IX Item "ext_error" +print an error message for unsupported certificate extensions. +.Ip "\fBext_parse\fR" 4 +.IX Item "ext_parse" +\&\s-1ASN1\s0 parse unsupported extensions. +.Ip "\fBext_dump\fR" 4 +.IX Item "ext_dump" +hex dump unsupported extensions. +.Ip "\fBca_default\fR" 4 +.IX Item "ca_default" +the value used by the \fBca\fR utility, equivalent to \fBno_issuer\fR, \fBno_pubkey\fR, \fBno_header\fR, +\&\fBno_version\fR, \fBno_sigdump\fR and \fBno_signame\fR. .SH "EXAMPLES" .IX Header "EXAMPLES" Note: in these examples the '\e' means the example should be all on one @@ -552,7 +633,7 @@ Display the certificate subject name in oneline form on a terminal supporting \s-1UTF8:\s0 .PP .Vb 1 -\& openssl x509 -in cert.pem -noout -subject -nameopt oneline -nameopt -escmsb +\& openssl x509 -in cert.pem -noout -subject -nameopt oneline,-escmsb .Ve Display the certificate \s-1MD5\s0 fingerprint: .PP @@ -600,20 +681,20 @@ Set a certificate to be trusted for \s-1SSL\s0 client use and change set its ali The \s-1PEM\s0 format uses the header and footer lines: .PP .Vb 2 -\& -----BEGIN CERTIFICATE---- -\& -----END CERTIFICATE---- +\& -----BEGIN CERTIFICATE----- +\& -----END CERTIFICATE----- .Ve it will also handle files containing: .PP .Vb 2 -\& -----BEGIN X509 CERTIFICATE---- -\& -----END X509 CERTIFICATE---- +\& -----BEGIN X509 CERTIFICATE----- +\& -----END X509 CERTIFICATE----- .Ve Trusted certificates have the lines .PP .Vb 2 -\& -----BEGIN TRUSTED CERTIFICATE---- -\& -----END TRUSTED CERTIFICATE---- +\& -----BEGIN TRUSTED CERTIFICATE----- +\& -----END TRUSTED CERTIFICATE----- .Ve The conversion to \s-1UTF8\s0 format used with the name options assumes that T61Strings use the \s-1ISO8859\-1\s0 character set. This is wrong but Netscape |