diff options
| author | markm <markm@FreeBSD.org> | 2002-05-14 16:06:50 +0000 |
|---|---|---|
| committer | markm <markm@FreeBSD.org> | 2002-05-14 16:06:50 +0000 |
| commit | aeefd5b3e2766cf2adf46ab0d391c6290c566150 (patch) | |
| tree | 1b2346a595f785988975c71a5f29de7e01b24cc4 /secure | |
| parent | fa71779225949e4336753dba62bf930087152e61 (diff) | |
| download | FreeBSD-src-aeefd5b3e2766cf2adf46ab0d391c6290c566150.zip FreeBSD-src-aeefd5b3e2766cf2adf46ab0d391c6290c566150.tar.gz | |
As the perl-generated assembler files have been committed, add the
perl-generated (.pod) manual pages too. This is another nail in the
perl5 coffin (for base perl, not the port or the language in general).
Diffstat (limited to 'secure')
223 files changed, 52244 insertions, 0 deletions
diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 new file mode 100644 index 0000000..5bc60ee --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_ctrl.3 @@ -0,0 +1,267 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:23 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_CTRL 1" +.TH BIO_CTRL 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset, +BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close, +BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending, +BIO_get_info_callback, BIO_set_info_callback \- \s-1BIO\s0 control operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 4 +\& long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg); +\& long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)); +\& char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg); +\& long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg); +.Ve +.Vb 11 +\& int BIO_reset(BIO *b); +\& int BIO_seek(BIO *b, int ofs); +\& int BIO_tell(BIO *b); +\& int BIO_flush(BIO *b); +\& int BIO_eof(BIO *b); +\& int BIO_set_close(BIO *b,long flag); +\& int BIO_get_close(BIO *b); +\& int BIO_pending(BIO *b); +\& int BIO_wpending(BIO *b); +\& size_t BIO_ctrl_pending(BIO *b); +\& size_t BIO_ctrl_wpending(BIO *b); +.Ve +.Vb 2 +\& int BIO_get_info_callback(BIO *b,bio_info_cb **cbp); +\& int BIO_set_info_callback(BIO *b,bio_info_cb *cb); +.Ve +.Vb 1 +\& typedef void bio_info_cb(BIO *b, int oper, const char *ptr, int arg1, long arg2, long arg3); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_ctrl()\fR, \fIBIO_callback_ctrl()\fR, \fIBIO_ptr_ctrl()\fR and \fIBIO_int_ctrl()\fR +are \s-1BIO\s0 \*(L"control\*(R" operations taking arguments of various types. +These functions are not normally called directly, various macros +are used instead. The standard macros are described below, macros +specific to a particular type of \s-1BIO\s0 are described in the specific +BIOs manual page as well as any special features of the standard +calls. +.PP +\&\fIBIO_reset()\fR typically resets a \s-1BIO\s0 to some initial state, in the case +of file related BIOs for example it rewinds the file pointer to the +start of the file. +.PP +\&\fIBIO_seek()\fR resets a file related \s-1BIO\s0's (that is file descriptor and +\&\s-1FILE\s0 BIOs) file position pointer to \fBofs\fR bytes from start of file. +.PP +\&\fIBIO_tell()\fR returns the current file position of a file related \s-1BIO\s0. +.PP +\&\fIBIO_flush()\fR normally writes out any internally buffered data, in some +cases it is used to signal \s-1EOF\s0 and that no more data will be written. +.PP +\&\fIBIO_eof()\fR returns 1 if the \s-1BIO\s0 has read \s-1EOF\s0, the precise meaning of +\&\*(L"\s-1EOF\s0\*(R" varies according to the \s-1BIO\s0 type. +.PP +\&\fIBIO_set_close()\fR sets the \s-1BIO\s0 \fBb\fR close flag to \fBflag\fR. \fBflag\fR can +take the value \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. Typically \s-1BIO_CLOSE\s0 is used +in a source/sink \s-1BIO\s0 to indicate that the underlying I/O stream should +be closed when the \s-1BIO\s0 is freed. +.PP +\&\fIBIO_get_close()\fR returns the BIOs close flag. +.PP +\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR +return the number of pending characters in the BIOs read and write buffers. +Not all BIOs support these calls. \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR +return a size_t type and are functions, \fIBIO_pending()\fR and \fIBIO_wpending()\fR are +macros which call \fIBIO_ctrl()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_reset()\fR normally returns 1 for success and 0 or \-1 for failure. File +BIOs are an exception, they return 0 for success and \-1 for failure. +.PP +\&\fIBIO_seek()\fR and \fIBIO_tell()\fR both return the current file position on success +and \-1 for failure, except file BIOs which for \fIBIO_seek()\fR always return 0 +for success and \-1 for failure. +.PP +\&\fIBIO_flush()\fR returns 1 for success and 0 or \-1 for failure. +.PP +\&\fIBIO_eof()\fR returns 1 if \s-1EOF\s0 has been reached 0 otherwise. +.PP +\&\fIBIO_set_close()\fR always returns 1. +.PP +\&\fIBIO_get_close()\fR returns the close flag value: \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. +.PP +\&\fIBIO_pending()\fR, \fIBIO_ctrl_pending()\fR, \fIBIO_wpending()\fR and \fIBIO_ctrl_wpending()\fR +return the amount of pending data. +.SH "NOTES" +.IX Header "NOTES" +\&\fIBIO_flush()\fR, because it can write data may return 0 or \-1 indicating +that the call should be retried later in a similar manner to \fIBIO_write()\fR. +The \fIBIO_should_retry()\fR call should be used and appropriate action taken +is the call fails. +.PP +The return values of \fIBIO_pending()\fR and \fIBIO_wpending()\fR may not reliably +determine the amount of pending data in all cases. For example in the +case of a file \s-1BIO\s0 some data may be available in the \s-1FILE\s0 structures +internal buffers but it is not possible to determine this in a +portably way. For other types of \s-1BIO\s0 they may not be supported. +.PP +Filter BIOs if they do not internally handle a particular \fIBIO_ctrl()\fR +operation usually pass the operation to the next \s-1BIO\s0 in the chain. +This often means there is no need to locate the required \s-1BIO\s0 for +a particular operation, it can be called on a chain and it will +be automatically passed to the relevant \s-1BIO\s0. However this can cause +unexpected results: for example no current filter BIOs implement +\&\fIBIO_seek()\fR, but this may still succeed if the chain ends in a \s-1FILE\s0 +or file descriptor \s-1BIO\s0. +.PP +Source/sink BIOs return an 0 if they do not recognize the \fIBIO_ctrl()\fR +operation. +.SH "BUGS" +.IX Header "BUGS" +Some of the return values are ambiguous and care should be taken. In +particular a return value of 0 can be returned if an operation is not +supported, if an error occurred, if \s-1EOF\s0 has not been reached and in +the case of \fIBIO_seek()\fR on a file \s-1BIO\s0 for a successful operation. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 new file mode 100644 index 0000000..1e13318 --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_f_base64.3 @@ -0,0 +1,224 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:25 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_F_BASE64 1" +.TH BIO_F_BASE64 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_f_base64 \- base64 \s-1BIO\s0 filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include <openssl/bio.h> +\& #include <openssl/evp.h> +.Ve +.Vb 1 +\& BIO_METHOD * BIO_f_base64(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that base64 encodes any data written through it and decodes +any data read through it. +.PP +Base64 BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR. +.PP +\&\fIBIO_flush()\fR on a base64 \s-1BIO\s0 that is being written through is +used to signal that no more data is to be encoded: this is used +to flush the final block through the \s-1BIO\s0. +.PP +The flag \s-1BIO_FLAGS_BASE64_NO_NL\s0 can be set with \fIBIO_set_flags()\fR +to encode the data all on one line or expect the data to be all +on one line. +.SH "NOTES" +.IX Header "NOTES" +Because of the format of base64 encoding the end of the encoded +block cannot always be reliably determined. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_base64()\fR returns the base64 \s-1BIO\s0 method. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Base64 encode the string \*(L"Hello World\en\*(R" and write the result +to standard output: +.PP +.Vb 2 +\& BIO *bio, *b64; +\& char message[] = "Hello World \en"; +.Ve +.Vb 5 +\& b64 = BIO_new(BIO_f_base64()); +\& bio = BIO_new_fp(stdout, BIO_NOCLOSE); +\& bio = BIO_push(b64, bio); +\& BIO_write(bio, message, strlen(message)); +\& BIO_flush(bio); +.Ve +.Vb 1 +\& BIO_free_all(bio); +.Ve +Read Base64 encoded data from standard input and write the decoded +data to standard output: +.PP +.Vb 4 +\& BIO *bio, *b64, bio_out; +\& char inbuf[512]; +\& int inlen; +\& char message[] = "Hello World \en"; +.Ve +.Vb 6 +\& b64 = BIO_new(BIO_f_base64()); +\& bio = BIO_new_fp(stdin, BIO_NOCLOSE); +\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& bio = BIO_push(b64, bio); +\& while((inlen = BIO_read(bio, inbuf, strlen(message))) > 0) +\& BIO_write(bio_out, inbuf, inlen); +.Ve +.Vb 1 +\& BIO_free_all(bio); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The ambiguity of \s-1EOF\s0 in base64 encoded data can cause additional +data following the base64 encoded block to be misinterpreted. +.PP +There should be some way of specifying a test that the \s-1BIO\s0 can perform +to reliably determine \s-1EOF\s0 (for example a \s-1MIME\s0 boundary). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 new file mode 100644 index 0000000..108ffa0 --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_f_buffer.3 @@ -0,0 +1,207 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:28 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_F_BUFFER 1" +.TH BIO_F_BUFFER 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_f_buffer \- buffering \s-1BIO\s0 +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 1 +\& BIO_METHOD * BIO_f_buffer(void); +.Ve +.Vb 5 +\& #define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) +\& #define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) +\& #define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) +\& #define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) +\& #define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +.PP +Data written to a buffering \s-1BIO\s0 is buffered and periodically written +to the next \s-1BIO\s0 in the chain. Data read from a buffering \s-1BIO\s0 comes from +an internal buffer which is filled from the next \s-1BIO\s0 in the chain. +Both \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported. +.PP +Calling \fIBIO_reset()\fR on a buffering \s-1BIO\s0 clears any buffered data. +.PP +\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines currently buffered. +.PP +\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR +set the read, write or both read and write buffer sizes to \fBsize\fR. The initial +buffer size is \s-1DEFAULT_BUFFER_SIZE\s0, currently 1024. Any attempt to reduce the +buffer size below \s-1DEFAULT_BUFFER_SIZE\s0 is ignored. Any buffered data is cleared +when the buffer is resized. +.PP +\&\fIBIO_set_buffer_read_data()\fR clears the read buffer and fills it with \fBnum\fR +bytes of \fBbuf\fR. If \fBnum\fR is larger than the current buffer size the buffer +is expanded. +.SH "NOTES" +.IX Header "NOTES" +Buffering BIOs implement \fIBIO_gets()\fR by using \fIBIO_read()\fR operations on the +next \s-1BIO\s0 in the chain. By prepending a buffering \s-1BIO\s0 to a chain it is therefore +possible to provide \fIBIO_gets()\fR functionality if the following BIOs do not +support it (for example \s-1SSL\s0 BIOs). +.PP +Data is only written to the next \s-1BIO\s0 in the chain when the write buffer fills +or when \fIBIO_flush()\fR is called. It is therefore important to call \fIBIO_flush()\fR +whenever any pending data should be written such as when removing a buffering +\&\s-1BIO\s0 using \fIBIO_pop()\fR. \fIBIO_flush()\fR may need to be retried if the ultimate +source/sink \s-1BIO\s0 is non blocking. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_buffer()\fR returns the buffering \s-1BIO\s0 method. +.PP +\&\fIBIO_get_buffer_num_lines()\fR returns the number of lines buffered (may be 0). +.PP +\&\fIBIO_set_read_buffer_size()\fR, \fIBIO_set_write_buffer_size()\fR and \fIBIO_set_buffer_size()\fR +return 1 if the buffer was successfully resized or 0 for failure. +.PP +\&\fIBIO_set_buffer_read_data()\fR returns 1 if the data was set correctly or 0 if +there was an error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 new file mode 100644 index 0000000..deba543 --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_f_cipher.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:30 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_F_CIPHER 1" +.TH BIO_F_CIPHER 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher \s-1BIO\s0 filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include <openssl/bio.h> +\& #include <openssl/evp.h> +.Ve +.Vb 5 +\& BIO_METHOD * BIO_f_cipher(void); +\& void BIO_set_cipher(BIO *b,const EVP_CIPHER *cipher, +\& unsigned char *key, unsigned char *iv, int enc); +\& int BIO_get_cipher_status(BIO *b) +\& int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that encrypts any data written through it, and decrypts any data +read from it. It is a \s-1BIO\s0 wrapper for the cipher routines +\&\fIEVP_CipherInit()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal()\fR. +.PP +Cipher BIOs do not support \fIBIO_gets()\fR or \fIBIO_puts()\fR. +.PP +\&\fIBIO_flush()\fR on an encryption \s-1BIO\s0 that is being written through is +used to signal that no more data is to be encrypted: this is used +to flush and possibly pad the final block through the \s-1BIO\s0. +.PP +\&\fIBIO_set_cipher()\fR sets the cipher of \s-1BIO\s0 <b> to \fBcipher\fR using key \fBkey\fR +and \s-1IV\s0 \fBiv\fR. \fBenc\fR should be set to 1 for encryption and zero for +decryption. +.PP +When reading from an encryption \s-1BIO\s0 the final block is automatically +decrypted and checked when \s-1EOF\s0 is detected. \fIBIO_get_cipher_status()\fR +is a \fIBIO_ctrl()\fR macro which can be called to determine whether the +decryption operation was successful. +.PP +\&\fIBIO_get_cipher_ctx()\fR is a \fIBIO_ctrl()\fR macro which retrieves the internal +\&\s-1BIO\s0 cipher context. The retrieved context can be used in conjunction +with the standard cipher routines to set it up. This is useful when +\&\fIBIO_set_cipher()\fR is not flexible enough for the applications needs. +.SH "NOTES" +.IX Header "NOTES" +When encrypting \fIBIO_flush()\fR \fBmust\fR be called to flush the final block +through the \s-1BIO\s0. If it is not then the final block will fail a subsequent +decrypt. +.PP +When decrypting an error on the final block is signalled by a zero +return value from the read operation. A successful decrypt followed +by \s-1EOF\s0 will also return zero for the final read. \fIBIO_get_cipher_status()\fR +should be called to determine if the decrypt was successful. +.PP +As always, if \fIBIO_gets()\fR or \fIBIO_puts()\fR support is needed then it can +be achieved by preceding the cipher \s-1BIO\s0 with a buffering \s-1BIO\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_cipher()\fR returns the cipher \s-1BIO\s0 method. +.PP +\&\fIBIO_set_cipher()\fR does not return a value. +.PP +\&\fIBIO_get_cipher_status()\fR returns 1 for a successful decrypt and 0 +for failure. +.PP +\&\fIBIO_get_cipher_ctx()\fR currently always returns 1. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +\&\s-1TBA\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 new file mode 100644 index 0000000..af0f168 --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_f_md.3 @@ -0,0 +1,278 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:32 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_F_MD 1" +.TH BIO_F_MD 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest \s-1BIO\s0 filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include <openssl/bio.h> +\& #include <openssl/evp.h> +.Ve +.Vb 4 +\& BIO_METHOD * BIO_f_md(void); +\& int BIO_set_md(BIO *b,EVP_MD *md); +\& int BIO_get_md(BIO *b,EVP_MD **mdp); +\& int BIO_get_md_ctx(BIO *b,EVP_MD_CTX **mdcp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_md()\fR returns the message digest \s-1BIO\s0 method. This is a filter +\&\s-1BIO\s0 that digests any data passed through it, it is a \s-1BIO\s0 wrapper +for the digest routines \fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR +and \fIEVP_DigestFinal()\fR. +.PP +Any data written or read through a digest \s-1BIO\s0 using \fIBIO_read()\fR and +\&\fIBIO_write()\fR is digested. +.PP +\&\fIBIO_gets()\fR, if its \fBsize\fR parameter is large enough finishes the +digest calculation and returns the digest value. \fIBIO_puts()\fR is +not supported. +.PP +\&\fIBIO_reset()\fR reinitializes a digest \s-1BIO\s0. +.PP +\&\fIBIO_set_md()\fR sets the message digest of \s-1BIO\s0 \fBb\fR to \fBmd\fR: this +must be called to initialize a digest \s-1BIO\s0 before any data is +passed through it. It is a \fIBIO_ctrl()\fR macro. +.PP +\&\fIBIO_get_md()\fR places the a pointer to the digest BIOs digest method +in \fBmdp\fR, it is a \fIBIO_ctrl()\fR macro. +.PP +\&\fIBIO_get_md_ctx()\fR returns the digest BIOs context into \fBmdcp\fR. +.SH "NOTES" +.IX Header "NOTES" +The context returned by \fIBIO_get_md_ctx()\fR can be used in calls +to \fIEVP_DigestFinal()\fR and also the signature routines \fIEVP_SignFinal()\fR +and \fIEVP_VerifyFinal()\fR. +.PP +The context returned by \fIBIO_get_md_ctx()\fR is an internal context +structure. Changes made to this context will affect the digest +\&\s-1BIO\s0 itself and the context pointer will become invalid when the digest +\&\s-1BIO\s0 is freed. +.PP +After the digest has been retrieved from a digest \s-1BIO\s0 it must be +reinitialized by calling \fIBIO_reset()\fR, or \fIBIO_set_md()\fR before any more +data is passed through it. +.PP +If an application needs to call \fIBIO_gets()\fR or \fIBIO_puts()\fR through +a chain containing digest BIOs then this can be done by prepending +a buffering \s-1BIO\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_md()\fR returns the digest \s-1BIO\s0 method. +.PP +\&\fIBIO_set_md()\fR, \fIBIO_get_md()\fR and \fIBIO_md_ctx()\fR return 1 for success and +0 for failure. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example creates a \s-1BIO\s0 chain containing an \s-1SHA1\s0 and \s-1MD5\s0 +digest \s-1BIO\s0 and passes the string \*(L"Hello World\*(R" through it. Error +checking has been omitted for clarity. +.PP +.Vb 14 +\& BIO *bio, *mdtmp; +\& char message[] = "Hello World"; +\& bio = BIO_new(BIO_s_null()); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_sha1()); +\& /* For BIO_push() we want to append the sink BIO and keep a note of +\& * the start of the chain. +\& */ +\& bio = BIO_push(mdtmp, bio); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_md5()); +\& bio = BIO_push(mdtmp, bio); +\& /* Note: mdtmp can now be discarded */ +\& BIO_write(bio, message, strlen(message)); +.Ve +The next example digests data by reading through a chain instead: +.PP +.Vb 14 +\& BIO *bio, *mdtmp; +\& char buf[1024]; +\& int rdlen; +\& bio = BIO_new_file(file, "rb"); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_sha1()); +\& bio = BIO_push(mdtmp, bio); +\& mdtmp = BIO_new(BIO_f_md()); +\& BIO_set_md(mdtmp, EVP_md5()); +\& bio = BIO_push(mdtmp, bio); +\& do { +\& rdlen = BIO_read(bio, buf, sizeof(buf)); +\& /* Might want to do something with the data here */ +\& } while(rdlen > 0); +.Ve +This next example retrieves the message digests from a \s-1BIO\s0 chain and +outputs them. This could be used with the examples above. +.PP +.Vb 16 +\& BIO *mdtmp; +\& unsigned char mdbuf[EVP_MAX_MD_SIZE]; +\& int mdlen; +\& int i; +\& mdtmp = bio; /* Assume bio has previously been set up */ +\& do { +\& EVP_MD *md; +\& mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD); +\& if(!mdtmp) break; +\& BIO_get_md(mdtmp, &md); +\& printf("%s digest", OBJ_nid2sn(EVP_MD_type(md))); +\& mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE); +\& for(i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]); +\& printf("\en"); +\& mdtmp = BIO_next(mdtmp); +\& } while(mdtmp); +.Ve +.Vb 1 +\& BIO_free_all(bio); +.Ve +.SH "BUGS" +.IX Header "BUGS" +The lack of support for \fIBIO_puts()\fR and the non standard behaviour of +\&\fIBIO_gets()\fR could be regarded as anomalous. It could be argued that \fIBIO_gets()\fR +and \fIBIO_puts()\fR should be passed to the next \s-1BIO\s0 in the chain and digest +the data passed through and that digests should be retrieved using a +separate \fIBIO_ctrl()\fR call. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 new file mode 100644 index 0000000..403c7cf --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_f_null.3 @@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:34 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_F_NULL 1" +.TH BIO_F_NULL 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_f_null \- null filter +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 1 +\& BIO_METHOD * BIO_f_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. This is a filter \s-1BIO\s0 +that does nothing. +.PP +All requests to a null filter \s-1BIO\s0 are passed through to the next \s-1BIO\s0 in +the chain: this means that a \s-1BIO\s0 chain containing a null filter \s-1BIO\s0 +behaves just as though the \s-1BIO\s0 was not there. +.SH "NOTES" +.IX Header "NOTES" +As may be apparent a null filter \s-1BIO\s0 is not particularly useful. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_f_null()\fR returns the null filter \s-1BIO\s0 method. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 new file mode 100644 index 0000000..400b998 --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 @@ -0,0 +1,497 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:36 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_F_SSL 1" +.TH BIO_F_SSL 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes, +BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl, +BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id, +BIO_ssl_shutdown \- \s-1SSL\s0 \s-1BIO\s0 +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include <openssl/bio.h> +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& BIO_METHOD *BIO_f_ssl(void); +.Ve +.Vb 9 +\& #define BIO_set_ssl(b,ssl,c) BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl) +\& #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) +\& #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) +\& #define BIO_set_ssl_renegotiate_bytes(b,num) \e +\& BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); +\& #define BIO_set_ssl_renegotiate_timeout(b,seconds) \e +\& BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); +\& #define BIO_get_num_renegotiates(b) \e +\& BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL); +.Ve +.Vb 5 +\& BIO *BIO_new_ssl(SSL_CTX *ctx,int client); +\& BIO *BIO_new_ssl_connect(SSL_CTX *ctx); +\& BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); +\& int BIO_ssl_copy_session_id(BIO *to,BIO *from); +\& void BIO_ssl_shutdown(BIO *bio); +.Ve +.Vb 1 +\& #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_f_ssl()\fR returns the \s-1SSL\s0 \s-1BIO\s0 method. This is a filter \s-1BIO\s0 which +is a wrapper round the OpenSSL \s-1SSL\s0 routines adding a \s-1BIO\s0 \*(L"flavour\*(R" to +\&\s-1SSL\s0 I/O. +.PP +I/O performed on an \s-1SSL\s0 \s-1BIO\s0 communicates using the \s-1SSL\s0 protocol with +the SSLs read and write BIOs. If an \s-1SSL\s0 connection is not established +then an attempt is made to establish one on the first I/O call. +.PP +If a \s-1BIO\s0 is appended to an \s-1SSL\s0 \s-1BIO\s0 using \fIBIO_push()\fR it is automatically +used as the \s-1SSL\s0 BIOs read and write BIOs. +.PP +Calling \fIBIO_reset()\fR on an \s-1SSL\s0 \s-1BIO\s0 closes down any current \s-1SSL\s0 connection +by calling \fISSL_shutdown()\fR. \fIBIO_reset()\fR is then sent to the next \s-1BIO\s0 in +the chain: this will typically disconnect the underlying transport. +The \s-1SSL\s0 \s-1BIO\s0 is then reset to the initial accept or connect state. +.PP +If the close flag is set when an \s-1SSL\s0 \s-1BIO\s0 is freed then the internal +\&\s-1SSL\s0 structure is also freed using \fISSL_free()\fR. +.PP +\&\fIBIO_set_ssl()\fR sets the internal \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR to \fBssl\fR using +the close flag \fBc\fR. +.PP +\&\fIBIO_get_ssl()\fR retrieves the \s-1SSL\s0 pointer of \s-1BIO\s0 \fBb\fR, it can then be +manipulated using the standard \s-1SSL\s0 library functions. +.PP +\&\fIBIO_set_ssl_mode()\fR sets the \s-1SSL\s0 \s-1BIO\s0 mode to \fBclient\fR. If \fBclient\fR +is 1 client mode is set. If \fBclient\fR is 0 server mode is set. +.PP +\&\fIBIO_set_ssl_renegotiate_bytes()\fR sets the renegotiate byte count +to \fBnum\fR. When set after every \fBnum\fR bytes of I/O (read and write) +the \s-1SSL\s0 session is automatically renegotiated. \fBnum\fR must be at +least 512 bytes. +.PP +\&\fIBIO_set_ssl_renegotiate_timeout()\fR sets the renegotiate timeout to +\&\fBseconds\fR. When the renegotiate timeout elapses the session is +automatically renegotiated. +.PP +\&\fIBIO_get_num_renegotiates()\fR returns the total number of session +renegotiations due to I/O or timeout. +.PP +\&\fIBIO_new_ssl()\fR allocates an \s-1SSL\s0 \s-1BIO\s0 using \s-1SSL_CTX\s0 \fBctx\fR and using +client mode if \fBclient\fR is non zero. +.PP +\&\fIBIO_new_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting of an +\&\s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) followed by a connect \s-1BIO\s0. +.PP +\&\fIBIO_new_buffer_ssl_connect()\fR creates a new \s-1BIO\s0 chain consisting +of a buffering \s-1BIO\s0, an \s-1SSL\s0 \s-1BIO\s0 (using \fBctx\fR) and a connect +\&\s-1BIO\s0. +.PP +\&\fIBIO_ssl_copy_session_id()\fR copies an \s-1SSL\s0 session id between +\&\s-1BIO\s0 chains \fBfrom\fR and \fBto\fR. It does this by locating the +\&\s-1SSL\s0 BIOs in each chain and calling \fISSL_copy_session_id()\fR on +the internal \s-1SSL\s0 pointer. +.PP +\&\fIBIO_ssl_shutdown()\fR closes down an \s-1SSL\s0 connection on \s-1BIO\s0 +chain \fBbio\fR. It does this by locating the \s-1SSL\s0 \s-1BIO\s0 in the +chain and calling \fISSL_shutdown()\fR on its internal \s-1SSL\s0 +pointer. +.PP +\&\fIBIO_do_handshake()\fR attempts to complete an \s-1SSL\s0 handshake on the +supplied \s-1BIO\s0 and establish the \s-1SSL\s0 connection. It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs +to determine if the call should be retried. If an \s-1SSL\s0 connection has +already been established this call has no effect. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL\s0 BIOs are exceptional in that if the underlying transport +is non blocking they can still request a retry in exceptional +circumstances. Specifically this will happen if a session +renegotiation takes place during a \fIBIO_read()\fR operation, one +case where this happens is when \s-1SGC\s0 or step up occurs. +.PP +In OpenSSL 0.9.6 and later the \s-1SSL\s0 flag \s-1SSL_AUTO_RETRY\s0 can be +set to disable this behaviour. That is when this flag is set +an \s-1SSL\s0 \s-1BIO\s0 using a blocking transport will never request a +retry. +.PP +Since unknown \fIBIO_ctrl()\fR operations are sent through filter +BIOs the servers name and port can be set using \fIBIO_set_host()\fR +on the \s-1BIO\s0 returned by \fIBIO_new_ssl_connect()\fR without having +to locate the connect \s-1BIO\s0 first. +.PP +Applications do not have to call \fIBIO_do_handshake()\fR but may wish +to do so to separate the handshake process from other I/O +processing. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1TBA\s0 +.SH "EXAMPLE" +.IX Header "EXAMPLE" +This \s-1SSL/TLS\s0 client example, attempts to retrieve a page from an +\&\s-1SSL/TLS\s0 web server. The I/O routines are identical to those of the +unencrypted example in BIO_s_connect(3). +.PP +.Vb 5 +\& BIO *sbio, *out; +\& int len; +\& char tmpbuf[1024]; +\& SSL_CTX *ctx; +\& SSL *ssl; +.Ve +.Vb 3 +\& ERR_load_crypto_strings(); +\& ERR_load_SSL_strings(); +\& OpenSSL_add_all_algorithms(); +.Ve +.Vb 3 +\& /* We would seed the PRNG here if the platform didn't +\& * do it automatically +\& */ +.Ve +.Vb 1 +\& ctx = SSL_CTX_new(SSLv23_client_method()); +.Ve +.Vb 4 +\& /* We'd normally set some stuff like the verify paths and +\& * mode here because as things stand this will connect to +\& * any server whose certificate is signed by any CA. +\& */ +.Ve +.Vb 1 +\& sbio = BIO_new_ssl_connect(ctx); +.Ve +.Vb 1 +\& BIO_get_ssl(sbio, &ssl); +.Ve +.Vb 4 +\& if(!ssl) { +\& fprintf(stderr, "Can't locate SSL pointer\en"); +\& /* whatever ... */ +\& } +.Ve +.Vb 2 +\& /* Don't want any retries */ +\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); +.Ve +.Vb 1 +\& /* We might want to do other things with ssl here */ +.Ve +.Vb 1 +\& BIO_set_conn_hostname(sbio, "localhost:https"); +.Ve +.Vb 6 +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& if(BIO_do_connect(sbio) <= 0) { +\& fprintf(stderr, "Error connecting to server\en"); +\& ERR_print_errors_fp(stderr); +\& /* whatever ... */ +\& } +.Ve +.Vb 5 +\& if(BIO_do_handshake(sbio) <= 0) { +\& fprintf(stderr, "Error establishing SSL connection\en"); +\& ERR_print_errors_fp(stderr); +\& /* whatever ... */ +\& } +.Ve +.Vb 1 +\& /* Could examine ssl here to get connection info */ +.Ve +.Vb 8 +\& BIO_puts(sbio, "GET / HTTP/1.0\en\en"); +\& for(;;) { +\& len = BIO_read(sbio, tmpbuf, 1024); +\& if(len <= 0) break; +\& BIO_write(out, tmpbuf, len); +\& } +\& BIO_free_all(sbio); +\& BIO_free(out); +.Ve +Here is a simple server example. It makes use of a buffering +\&\s-1BIO\s0 to allow lines to be read from the \s-1SSL\s0 \s-1BIO\s0 using BIO_gets. +It creates a pseudo web page containing the actual request from +a client and also echoes the request to standard output. +.PP +.Vb 5 +\& BIO *sbio, *bbio, *acpt, *out; +\& int len; +\& char tmpbuf[1024]; +\& SSL_CTX *ctx; +\& SSL *ssl; +.Ve +.Vb 3 +\& ERR_load_crypto_strings(); +\& ERR_load_SSL_strings(); +\& OpenSSL_add_all_algorithms(); +.Ve +.Vb 1 +\& /* Might seed PRNG here */ +.Ve +.Vb 1 +\& ctx = SSL_CTX_new(SSLv23_server_method()); +.Ve +.Vb 3 +\& if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM) +\& || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM) +\& || !SSL_CTX_check_private_key(ctx)) { +.Ve +.Vb 4 +\& fprintf(stderr, "Error setting up SSL_CTX\en"); +\& ERR_print_errors_fp(stderr); +\& return 0; +\& } +.Ve +.Vb 3 +\& /* Might do other things here like setting verify locations and +\& * DH and/or RSA temporary key callbacks +\& */ +.Ve +.Vb 2 +\& /* New SSL BIO setup as server */ +\& sbio=BIO_new_ssl(ctx,0); +.Ve +.Vb 1 +\& BIO_get_ssl(sbio, &ssl); +.Ve +.Vb 4 +\& if(!ssl) { +\& fprintf(stderr, "Can't locate SSL pointer\en"); +\& /* whatever ... */ +\& } +.Ve +.Vb 2 +\& /* Don't want any retries */ +\& SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); +.Ve +.Vb 1 +\& /* Create the buffering BIO */ +.Ve +.Vb 1 +\& bbio = BIO_new(BIO_f_buffer()); +.Ve +.Vb 2 +\& /* Add to chain */ +\& sbio = BIO_push(bbio, sbio); +.Ve +.Vb 1 +\& acpt=BIO_new_accept("4433"); +.Ve +.Vb 5 +\& /* By doing this when a new connection is established +\& * we automatically have sbio inserted into it. The +\& * BIO chain is now 'swallowed' by the accept BIO and +\& * will be freed when the accept BIO is freed. +\& */ +.Ve +.Vb 1 +\& BIO_set_accept_bios(acpt,sbio); +.Ve +.Vb 1 +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +.Ve +.Vb 6 +\& /* Setup accept BIO */ +\& if(BIO_do_accept(acpt) <= 0) { +\& fprintf(stderr, "Error setting up accept BIO\en"); +\& ERR_print_errors_fp(stderr); +\& return 0; +\& } +.Ve +.Vb 6 +\& /* Now wait for incoming connection */ +\& if(BIO_do_accept(acpt) <= 0) { +\& fprintf(stderr, "Error in connection\en"); +\& ERR_print_errors_fp(stderr); +\& return 0; +\& } +.Ve +.Vb 3 +\& /* We only want one connection so remove and free +\& * accept BIO +\& */ +.Ve +.Vb 1 +\& sbio = BIO_pop(acpt); +.Ve +.Vb 1 +\& BIO_free_all(acpt); +.Ve +.Vb 5 +\& if(BIO_do_handshake(sbio) <= 0) { +\& fprintf(stderr, "Error in SSL handshake\en"); +\& ERR_print_errors_fp(stderr); +\& return 0; +\& } +.Ve +.Vb 3 +\& BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent-type: text/html\er\en\er\en"); +\& BIO_puts(sbio, "<pre>\er\enConnection Established\er\enRequest headers:\er\en"); +\& BIO_puts(sbio, "--------------------------------------------------\er\en"); +.Ve +.Vb 8 +\& for(;;) { +\& len = BIO_gets(sbio, tmpbuf, 1024); +\& if(len <= 0) break; +\& BIO_write(sbio, tmpbuf, len); +\& BIO_write(out, tmpbuf, len); +\& /* Look for blank line signifying end of headers*/ +\& if((tmpbuf[0] == '\er') || (tmpbuf[0] == '\en')) break; +\& } +.Ve +.Vb 2 +\& BIO_puts(sbio, "--------------------------------------------------\er\en"); +\& BIO_puts(sbio, "</pre>\er\en"); +.Ve +.Vb 2 +\& /* Since there is a buffering BIO present we had better flush it */ +\& BIO_flush(sbio); +.Ve +.Vb 1 +\& BIO_free_all(sbio); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 new file mode 100644 index 0000000..cbae24e --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_find_type.3 @@ -0,0 +1,242 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:39 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_FIND_TYPE 1" +.TH BIO_FIND_TYPE 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_find_type, BIO_next \- \s-1BIO\s0 chain traversal +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 2 +\& BIO * BIO_find_type(BIO *b,int bio_type); +\& BIO * BIO_next(BIO *b); +.Ve +.Vb 1 +\& #define BIO_method_type(b) ((b)->method->type) +.Ve +.Vb 3 +\& #define BIO_TYPE_NONE 0 +\& #define BIO_TYPE_MEM (1|0x0400) +\& #define BIO_TYPE_FILE (2|0x0400) +.Ve +.Vb 16 +\& #define BIO_TYPE_FD (4|0x0400|0x0100) +\& #define BIO_TYPE_SOCKET (5|0x0400|0x0100) +\& #define BIO_TYPE_NULL (6|0x0400) +\& #define BIO_TYPE_SSL (7|0x0200) +\& #define BIO_TYPE_MD (8|0x0200) +\& #define BIO_TYPE_BUFFER (9|0x0200) +\& #define BIO_TYPE_CIPHER (10|0x0200) +\& #define BIO_TYPE_BASE64 (11|0x0200) +\& #define BIO_TYPE_CONNECT (12|0x0400|0x0100) +\& #define BIO_TYPE_ACCEPT (13|0x0400|0x0100) +\& #define BIO_TYPE_PROXY_CLIENT (14|0x0200) +\& #define BIO_TYPE_PROXY_SERVER (15|0x0200) +\& #define BIO_TYPE_NBIO_TEST (16|0x0200) +\& #define BIO_TYPE_NULL_FILTER (17|0x0200) +\& #define BIO_TYPE_BER (18|0x0200) +\& #define BIO_TYPE_BIO (19|0x0400) +.Ve +.Vb 3 +\& #define BIO_TYPE_DESCRIPTOR 0x0100 +\& #define BIO_TYPE_FILTER 0x0200 +\& #define BIO_TYPE_SOURCE_SINK 0x0400 +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIBIO_find_type()\fR searches for a \s-1BIO\s0 of a given type in a chain, starting +at \s-1BIO\s0 \fBb\fR. If \fBtype\fR is a specific type (such as \s-1BIO_TYPE_MEM\s0) then a search +is made for a \s-1BIO\s0 of that type. If \fBtype\fR is a general type (such as +\&\fB\s-1BIO_TYPE_SOURCE_SINK\s0\fR) then the next matching \s-1BIO\s0 of the given general type is +searched for. \fIBIO_find_type()\fR returns the next matching \s-1BIO\s0 or \s-1NULL\s0 if none is +found. +.PP +Note: not all the \fBBIO_TYPE_*\fR types above have corresponding \s-1BIO\s0 implementations. +.PP +\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. It can be used to traverse all BIOs +in a chain or used in conjunction with \fIBIO_find_type()\fR to find all BIOs of a +certain type. +.PP +\&\fIBIO_method_type()\fR returns the type of a \s-1BIO\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_find_type()\fR returns a matching \s-1BIO\s0 or \s-1NULL\s0 for no match. +.PP +\&\fIBIO_next()\fR returns the next \s-1BIO\s0 in a chain. +.PP +\&\fIBIO_method_type()\fR returns the type of the \s-1BIO\s0 \fBb\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fIBIO_next()\fR was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a \s-1BIO\s0 +chain or find multiple matches using \fIBIO_find_type()\fR. Previous versions had to +use: +.PP +.Vb 1 +\& next = bio->next_bio; +.Ve +.SH "BUGS" +.IX Header "BUGS" +\&\fIBIO_find_type()\fR in OpenSSL 0.9.5a and earlier could not be safely passed a +\&\s-1NULL\s0 pointer for the \fBb\fR argument. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +Traverse a chain looking for digest BIOs: +.PP +.Vb 2 +\& BIO *btmp; +\& btmp = in_bio; /* in_bio is chain to search through */ +.Ve +.Vb 5 +\& do { +\& btmp = BIO_find_type(btmp, BIO_TYPE_MD); +\& if(btmp == NULL) break; /* Not found */ +\& /* btmp is a digest BIO, do something with it ...*/ +\& ... +.Ve +.Vb 2 +\& btmp = BIO_next(btmp); +\& } while(btmp); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 new file mode 100644 index 0000000..5ba7614 --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_new.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:41 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_NEW 1" +.TH BIO_NEW 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- \s-1BIO\s0 allocation and freeing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 5 +\& BIO * BIO_new(BIO_METHOD *type); +\& int BIO_set(BIO *a,BIO_METHOD *type); +\& int BIO_free(BIO *a); +\& void BIO_vfree(BIO *a); +\& void BIO_free_all(BIO *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIBIO_new()\fR function returns a new \s-1BIO\s0 using method \fBtype\fR. +.PP +\&\fIBIO_set()\fR sets the method of an already existing \s-1BIO\s0. +.PP +\&\fIBIO_free()\fR frees up a single \s-1BIO\s0, \fIBIO_vfree()\fR also frees up a single \s-1BIO\s0 +but it does not return a value. Calling \fIBIO_free()\fR may also have some effect +on the underlying I/O structure, for example it may close the file being +referred to under certain circumstances. For more details see the individual +\&\s-1BIO_METHOD\s0 descriptions. +.PP +\&\fIBIO_free_all()\fR frees up an entire \s-1BIO\s0 chain, it does not halt if an error +occurs freeing up an individual \s-1BIO\s0 in the chain. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_new()\fR returns a newly created \s-1BIO\s0 or \s-1NULL\s0 if the call fails. +.PP +\&\fIBIO_set()\fR, \fIBIO_free()\fR return 1 for success and 0 for failure. +.PP +\&\fIBIO_free_all()\fR and \fIBIO_vfree()\fR do not return values. +.SH "NOTES" +.IX Header "NOTES" +Some BIOs (such as memory BIOs) can be used immediately after calling +\&\fIBIO_new()\fR. Others (such as file BIOs) need some additional initialization, +and frequently a utility function exists to create and initialize such BIOs. +.PP +If \fIBIO_free()\fR is called on a \s-1BIO\s0 chain it will only free one \s-1BIO\s0 resulting +in a memory leak. +.PP +Calling \fIBIO_free_all()\fR a single \s-1BIO\s0 has the same effect as calling \fIBIO_free()\fR +on it other than the discarded return value. +.PP +Normally the \fBtype\fR argument is supplied by a function which returns a +pointer to a \s-1BIO_METHOD\s0. There is a naming convention for such functions: +a source/sink \s-1BIO\s0 is normally called BIO_s_*() and a filter \s-1BIO\s0 +BIO_f_*(); +.SH "EXAMPLE" +.IX Header "EXAMPLE" +Create a memory \s-1BIO:\s0 +.PP +.Vb 1 +\& BIO *mem = BIO_new(BIO_s_mem()); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_new_bio_pair.3 b/secure/lib/libcrypto/man/BIO_new_bio_pair.3 new file mode 100644 index 0000000..dfd40ff --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_new_bio_pair.3 @@ -0,0 +1,232 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:43 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_NEW_BIO_PAIR 1" +.TH BIO_NEW_BIO_PAIR 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_new_bio_pair \- create a new \s-1BIO\s0 pair +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 1 +\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_new_bio_pair()\fR creates a buffering \s-1BIO\s0 pair. It has two endpoints between +data can be buffered. Its typical use is to connect one endpoint as underlying +input/output \s-1BIO\s0 to an \s-1SSL\s0 and access the other one controlled by the program +instead of accessing the network connection directly. +.PP +The two new BIOs \fBbio1\fR and \fBbio2\fR are symmetric with respect to their +functionality. The size of their buffers is determined by \fBwritebuf1\fR and +\&\fBwritebuf2\fR. If the size give is 0, the default size is used. +.PP +\&\fIBIO_new_bio_pair()\fR does not check whether \fBbio1\fR or \fBbio2\fR do point to +some other \s-1BIO\s0, the values are overwritten, \fIBIO_free()\fR is not called. +.PP +The two BIOs, even though forming a \s-1BIO\s0 pair and must be \fIBIO_free()\fR'ed +separately. This can be of importance, as some SSL-functions like \fISSL_set_bio()\fR +or \fISSL_free()\fR call \fIBIO_free()\fR implicitly, so that the peer-BIO is left +untouched and must also be \fIBIO_free()\fR'ed. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +The \s-1BIO\s0 pair can be used to have full control over the network access of an +application. The application can call \fIselect()\fR on the socket as required +without having to go through the SSL-interface. +.PP +.Vb 6 +\& BIO *internal_bio, *network_bio; +\& ... +\& BIO_new_bio_pair(internal_bio, 0, network_bio, 0); +\& SSL_set_bio(ssl, internal_bio); +\& SSL_operations(); +\& ... +.Ve +.Vb 9 +\& application | TLS-engine +\& | | +\& +----------> SSL_operations() +\& | /\e || +\& | || \e/ +\& | BIO-pair (internal_bio) +\& +----------< BIO-pair (network_bio) +\& | | +\& socket | +.Ve +.Vb 4 +\& ... +\& SSL_free(ssl); /* implicitly frees internal_bio */ +\& BIO_free(network_bio); +\& ... +.Ve +As the \s-1BIO\s0 pair will only buffer the data and never directly access the +connection, it behaves non-blocking and will return as soon as the write +buffer is full or the read buffer is drained. Then the application has to +flush the write buffer and/or fill the read buffer. +.PP +Use the \fIBIO_ctrl_pending()\fR, to find out whether data is buffered in the \s-1BIO\s0 +and must be transfered to the network. Use \fIBIO_ctrl_get_read_request()\fR to +find out, how many bytes must be written into the buffer before the +\&\fISSL_operation()\fR can successfully be continued. +.SH "IMPORTANT" +.IX Header "IMPORTANT" +As the data is buffered, \fISSL_operation()\fR may return with a \s-1ERROR_SSL_WANT_READ\s0 +condition, but there is still data in the write buffer. An application must +not rely on the error value of \fISSL_operation()\fR but must assure that the +write buffer is always flushed first. Otherwise a deadlock may occur as +the peer might be waiting for the data before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "1" 4 +.IX Item "1" +The \s-1BIO\s0 pair was created successfully. The new BIOs are available in +\&\fBbio1\fR and \fBbio2\fR. +.Ip "0" 4 +The operation failed. The \s-1NULL\s0 pointer is stored into the locations for +\&\fBbio1\fR and \fBbio2\fR. Check the error stack for more information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_set_bio(3), ssl(3), bio(3), +BIO_ctrl_pending(3), +BIO_ctrl_get_read_request(3) diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 new file mode 100644 index 0000000..b3068f0 --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_push.3 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:46 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_PUSH 1" +.TH BIO_PUSH 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_push, BIO_pop \- add and remove BIOs from a chain. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 2 +\& BIO * BIO_push(BIO *b,BIO *append); +\& BIO * BIO_pop(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIBIO_push()\fR function appends the \s-1BIO\s0 \fBappend\fR to \fBb\fR, it returns +\&\fBb\fR. +.PP +\&\fIBIO_pop()\fR removes the \s-1BIO\s0 \fBb\fR from a chain and returns the next \s-1BIO\s0 +in the chain, or \s-1NULL\s0 if there is no next \s-1BIO\s0. The removed \s-1BIO\s0 then +becomes a single \s-1BIO\s0 with no association with the original chain, +it can thus be freed or attached to a different chain. +.SH "NOTES" +.IX Header "NOTES" +The names of these functions are perhaps a little misleading. \fIBIO_push()\fR +joins two \s-1BIO\s0 chains whereas \fIBIO_pop()\fR deletes a single \s-1BIO\s0 from a chain, +the deleted \s-1BIO\s0 does not need to be at the end of a chain. +.PP +The process of calling \fIBIO_push()\fR and \fIBIO_pop()\fR on a \s-1BIO\s0 may have additional +consequences (a control call is made to the affected BIOs) any effects will +be noted in the descriptions of individual BIOs. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +For these examples suppose \fBmd1\fR and \fBmd2\fR are digest BIOs, \fBb64\fR is +a base64 \s-1BIO\s0 and \fBf\fR is a file \s-1BIO\s0. +.PP +If the call: +.PP +.Vb 1 +\& BIO_push(b64, f); +.Ve +is made then the new chain will be \fBb64\-chain\fR. After making the calls +.PP +.Vb 2 +\& BIO_push(md2, b64); +\& BIO_push(md1, md2); +.Ve +the new chain is \fBmd1\-md2\-b64\-f\fR. Data written to \fBmd1\fR will be digested +by \fBmd1\fR and \fBmd2\fR, \fBbase64\fR encoded and written to \fBf\fR. +.PP +It should be noted that reading causes data to pass in the reverse +direction, that is data is read from \fBf\fR, base64 \fBdecoded\fR and digested +by \fBmd1\fR and \fBmd2\fR. If the call: +.PP +.Vb 1 +\& BIO_pop(md2); +.Ve +The call will return \fBb64\fR and the new chain will be \fBmd1\-b64\-f\fR data can +be written to \fBmd1\fR as before. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_push()\fR returns the end of the chain, \fBb\fR. +.PP +\&\fIBIO_pop()\fR returns the next \s-1BIO\s0 in the chain, or \s-1NULL\s0 if there is no next +\&\s-1BIO\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 new file mode 100644 index 0000000..9b0b5ba --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_read.3 @@ -0,0 +1,203 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:48 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_READ 1" +.TH BIO_READ 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_read, BIO_write, BIO_gets, BIO_puts \- \s-1BIO\s0 I/O functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 4 +\& int BIO_read(BIO *b, void *buf, int len); +\& int BIO_gets(BIO *b,char *buf, int size); +\& int BIO_write(BIO *b, const void *buf, int len); +\& int BIO_puts(BIO *b,const char *buf); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_read()\fR attempts to read \fBlen\fR bytes from \s-1BIO\s0 \fBb\fR and places +the data in \fBbuf\fR. +.PP +\&\fIBIO_gets()\fR performs the BIOs \*(L"gets\*(R" operation and places the data +in \fBbuf\fR. Usually this operation will attempt to read a line of data +from the \s-1BIO\s0 of maximum length \fBlen\fR. There are exceptions to this +however, for example \fIBIO_gets()\fR on a digest \s-1BIO\s0 will calculate and +return the digest and other BIOs may not support \fIBIO_gets()\fR at all. +.PP +\&\fIBIO_write()\fR attempts to write \fBlen\fR bytes from \fBbuf\fR to \s-1BIO\s0 \fBb\fR. +.PP +\&\fIBIO_puts()\fR attempts to write a null terminated string \fBbuf\fR to \s-1BIO\s0 \fBb\fR +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +All these functions return either the amount of data successfully read or +written (if the return value is positive) or that no data was successfully +read or written if the result is 0 or \-1. If the return value is \-2 then +the operation is not implemented in the specific \s-1BIO\s0 type. +.SH "NOTES" +.IX Header "NOTES" +A 0 or \-1 return is not necessarily an indication of an error. In +particular when the source/sink is non-blocking or of a certain type +it may merely be an indication that no data is currently available and that +the application should retry the operation later. +.PP +One technique sometimes used with blocking sockets is to use a system call +(such as \fIselect()\fR, \fIpoll()\fR or equivalent) to determine when data is available +and then call \fIread()\fR to read the data. The equivalent with BIOs (that is call +\&\fIselect()\fR on the underlying I/O structure and then call \fIBIO_read()\fR to +read the data) should \fBnot\fR be used because a single call to \fIBIO_read()\fR +can cause several reads (and writes in the case of \s-1SSL\s0 BIOs) on the underlying +I/O structure and may block as a result. Instead \fIselect()\fR (or equivalent) +should be combined with non blocking I/O so successive reads will request +a retry instead of blocking. +.PP +See BIO_should_retry(3) for details of how to +determine the cause of a retry and other I/O issues. +.PP +If the \fIBIO_gets()\fR function is not supported by a \s-1BIO\s0 then it possible to +work around this by adding a buffering \s-1BIO\s0 BIO_f_buffer(3) +to the chain. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +BIO_should_retry(3) +.PP +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 new file mode 100644 index 0000000..44fa90d --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_s_accept.3 @@ -0,0 +1,332 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:50 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_S_ACCEPT 1" +.TH BIO_S_ACCEPT 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_s_accept, BIO_set_nbio, BIO_set_accept_port, BIO_get_accept_port, +BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode, +BIO_get_bind_mode, BIO_do_accept \- accept \s-1BIO\s0 +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 1 +\& BIO_METHOD * BIO_s_accept(void); +.Ve +.Vb 2 +\& #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) +\& #define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) +.Ve +.Vb 1 +\& BIO *BIO_new_accept(char *host_port); +.Ve +.Vb 2 +\& #define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL) +\& #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) +.Ve +.Vb 2 +\& #define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) +\& #define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) +.Ve +.Vb 3 +\& #define BIO_BIND_NORMAL 0 +\& #define BIO_BIND_REUSEADDR_IF_UNUSED 1 +\& #define BIO_BIND_REUSEADDR 2 +.Ve +.Vb 1 +\& #define BIO_do_accept(b) BIO_do_handshake(b) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_accept()\fR returns the accept \s-1BIO\s0 method. This is a wrapper +round the platform's \s-1TCP/IP\s0 socket accept routines. +.PP +Using accept BIOs \s-1TCP/IP\s0 connections can be accepted and data +transferred using only \s-1BIO\s0 routines. In this way any platform +specific operations are hidden by the \s-1BIO\s0 abstraction. +.PP +Read and write operations on an accept \s-1BIO\s0 will perform I/O +on the underlying connection. If no connection is established +and the port (see below) is set up properly then the \s-1BIO\s0 +waits for an incoming connection. +.PP +Accept BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR. +.PP +If the close flag is set on an accept \s-1BIO\s0 then any active +connection on that chain is shutdown and the socket closed when +the \s-1BIO\s0 is freed. +.PP +Calling \fIBIO_reset()\fR on a accept \s-1BIO\s0 will close any active +connection and reset the \s-1BIO\s0 into a state where it awaits another +incoming connection. +.PP +\&\fIBIO_get_fd()\fR and \fIBIO_set_fd()\fR can be called to retrieve or set +the accept socket. See BIO_s_fd(3) +.PP +\&\fIBIO_set_accept_port()\fR uses the string \fBname\fR to set the accept +port. The port is represented as a string of the form \*(L"host:port\*(R", +where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port. +Either or both values can be \*(L"*\*(R" which is interpreted as meaning +any interface or port respectively. \*(L"port\*(R" has the same syntax +as the port specified in \fIBIO_set_conn_port()\fR for connect BIOs, +that is it can be a numerical port string or a string to lookup +using \fIgetservbyname()\fR and a string table. +.PP +\&\fIBIO_new_accept()\fR combines \fIBIO_new()\fR and \fIBIO_set_accept_port()\fR into +a single call: that is it creates a new accept \s-1BIO\s0 with port +\&\fBhost_port\fR. +.PP +\&\fIBIO_set_nbio_accept()\fR sets the accept socket to blocking mode +(the default) if \fBn\fR is 0 or non blocking mode if \fBn\fR is 1. +.PP +\&\fIBIO_set_accept_bios()\fR can be used to set a chain of BIOs which +will be duplicated and prepended to the chain when an incoming +connection is received. This is useful if, for example, a +buffering or \s-1SSL\s0 \s-1BIO\s0 is required for each connection. The +chain of BIOs must not be freed after this call, they will +be automatically freed when the accept \s-1BIO\s0 is freed. +.PP +\&\fIBIO_set_bind_mode()\fR and \fIBIO_get_bind_mode()\fR set and retrieve +the current bind mode. If \s-1BIO_BIND_NORMAL\s0 (the default) is set +then another socket cannot be bound to the same port. If +\&\s-1BIO_BIND_REUSEADDR\s0 is set then other sockets can bind to the +same port. If \s-1BIO_BIND_REUSEADDR_IF_UNUSED\s0 is set then and +attempt is first made to use \s-1BIO_BIN_NORMAL\s0, if this fails +and the port is not in use then a second attempt is made +using \s-1BIO_BIND_REUSEADDR\s0. +.PP +\&\fIBIO_do_accept()\fR serves two functions. When it is first +called, after the accept \s-1BIO\s0 has been setup, it will attempt +to create the accept socket and bind an address to it. Second +and subsequent calls to \fIBIO_do_accept()\fR will await an incoming +connection. +.SH "NOTES" +.IX Header "NOTES" +When an accept \s-1BIO\s0 is at the end of a chain it will await an +incoming connection before processing I/O calls. When an accept +\&\s-1BIO\s0 is not at then end of a chain it passes I/O calls to the next +\&\s-1BIO\s0 in the chain. +.PP +When a connection is established a new socket \s-1BIO\s0 is created for +the connection and appended to the chain. That is the chain is now +accept->socket. This effectively means that attempting I/O on +an initial accept socket will await an incoming connection then +perform I/O on it. +.PP +If any additional BIOs have been set using \fIBIO_set_accept_bios()\fR +then they are placed between the socket and the accept \s-1BIO\s0, +that is the chain will be accept->otherbios->socket. +.PP +If a server wishes to process multiple connections (as is normally +the case) then the accept \s-1BIO\s0 must be made available for further +incoming connections. This can be done by waiting for a connection and +then calling: +.PP +.Vb 1 +\& connection = BIO_pop(accept); +.Ve +After this call \fBconnection\fR will contain a \s-1BIO\s0 for the recently +established connection and \fBaccept\fR will now be a single \s-1BIO\s0 +again which can be used to await further incoming connections. +If no further connections will be accepted the \fBaccept\fR can +be freed using \fIBIO_free()\fR. +.PP +If only a single connection will be processed it is possible to +perform I/O using the accept \s-1BIO\s0 itself. This is often undesirable +however because the accept \s-1BIO\s0 will still accept additional incoming +connections. This can be resolved by using \fIBIO_pop()\fR (see above) +and freeing up the accept \s-1BIO\s0 after the initial connection. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\s-1TBA\s0 +.SH "EXAMPLE" +.IX Header "EXAMPLE" +This example accepts two connections on port 4444, sends messages +down each and finally closes both down. +.PP +.Vb 3 +\& BIO *abio, *cbio, *cbio2; +\& ERR_load_crypto_strings(); +\& abio = BIO_new_accept("4444"); +.Ve +.Vb 6 +\& /* First call to BIO_accept() sets up accept BIO */ +\& if(BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error setting up accept\en"); +\& ERR_print_errors_fp(stderr); +\& exit(0); +\& } +.Ve +.Vb 23 +\& /* Wait for incoming connection */ +\& if(BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error accepting connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(0); +\& } +\& fprintf(stderr, "Connection 1 established\en"); +\& /* Retrieve BIO for connection */ +\& cbio = BIO_pop(abio); +\& BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\en"); +\& fprintf(stderr, "Sent out data on connection 1\en"); +\& /* Wait for another connection */ +\& if(BIO_do_accept(abio) <= 0) { +\& fprintf(stderr, "Error accepting connection\en"); +\& ERR_print_errors_fp(stderr); +\& exit(0); +\& } +\& fprintf(stderr, "Connection 2 established\en"); +\& /* Close accept BIO to refuse further connections */ +\& cbio2 = BIO_pop(abio); +\& BIO_free(abio); +\& BIO_puts(cbio2, "Connection 2: Sending out Data on second\en"); +\& fprintf(stderr, "Sent out data on connection 2\en"); +.Ve +.Vb 4 +\& BIO_puts(cbio, "Connection 1: Second connection established\en"); +\& /* Close the two established connections */ +\& BIO_free(cbio); +\& BIO_free(cbio2); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 new file mode 100644 index 0000000..69d0a7f --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_s_bio.3 @@ -0,0 +1,272 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:53 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_S_BIO 1" +.TH BIO_S_BIO 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, +BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair, +BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request, +BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request \- \s-1BIO\s0 pair \s-1BIO\s0 +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 1 +\& BIO_METHOD *BIO_s_bio(void); +.Ve +.Vb 2 +\& #define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) +\& #define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) +.Ve +.Vb 1 +\& #define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) +.Ve +.Vb 2 +\& #define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) +\& #define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) +.Ve +.Vb 1 +\& int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2); +.Ve +.Vb 2 +\& #define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) +\& size_t BIO_ctrl_get_write_guarantee(BIO *b); +.Ve +.Vb 2 +\& #define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) +\& size_t BIO_ctrl_get_read_request(BIO *b); +.Ve +.Vb 1 +\& int BIO_ctrl_reset_read_request(BIO *b); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_bio()\fR returns the method for a \s-1BIO\s0 pair. A \s-1BIO\s0 pair is a pair of source/sink +BIOs where data written to either half of the pair is buffered and can be read from +the other half. Both halves must usually by handled by the same application thread +since no locking is done on the internal data structures. +.PP +Since \s-1BIO\s0 chains typically end in a source/sink \s-1BIO\s0 it is possible to make this +one half of a \s-1BIO\s0 pair and have all the data processed by the chain under application +control. +.PP +One typical use of \s-1BIO\s0 pairs is to place \s-1TLS/SSL\s0 I/O under application control, this +can be used when the application wishes to use a non standard transport for +\&\s-1TLS/SSL\s0 or the normal socket routines are inappropriate. +.PP +Calls to \fIBIO_read()\fR will read data from the buffer or request a retry if no +data is available. +.PP +Calls to \fIBIO_write()\fR will place data in the buffer or request a retry if the +buffer is full. +.PP +The standard calls \fIBIO_ctrl_pending()\fR and \fIBIO_ctrl_wpending()\fR can be used to +determine the amount of pending data in the read or write buffer. +.PP +\&\fIBIO_reset()\fR clears any data in the write buffer. +.PP +\&\fIBIO_make_bio_pair()\fR joins two separate BIOs into a connected pair. +.PP +\&\fIBIO_destroy_pair()\fR destroys the association between two connected BIOs. Freeing +up any half of the pair will automatically destroy the association. +.PP +\&\fIBIO_shutdown_wr()\fR is used to close down a \s-1BIO\s0 \fBb\fR. After this call no further +writes on \s-1BIO\s0 \fBb\fR are allowed (they will return an error). Reads on the other +half of the pair will return any pending data or \s-1EOF\s0 when all pending data has +been read. +.PP +\&\fIBIO_set_write_buf_size()\fR sets the write buffer size of \s-1BIO\s0 \fBb\fR to \fBsize\fR. +If the size is not initialized a default value is used. This is currently +17K, sufficient for a maximum size \s-1TLS\s0 record. +.PP +\&\fIBIO_get_write_buf_size()\fR returns the size of the write buffer. +.PP +\&\fIBIO_new_bio_pair()\fR combines the calls to \fIBIO_new()\fR, \fIBIO_make_bio_pair()\fR and +\&\fIBIO_set_write_buf_size()\fR to create a connected pair of BIOs \fBbio1\fR, \fBbio2\fR +with write buffer sizes \fBwritebuf1\fR and \fBwritebuf2\fR. If either size is +zero then the default size is used. +.PP +\&\fIBIO_get_write_guarantee()\fR and \fIBIO_ctrl_get_write_guarantee()\fR return the maximum +length of data that can be currently written to the \s-1BIO\s0. Writes larger than this +value will return a value from \fIBIO_write()\fR less than the amount requested or if the +buffer is full request a retry. \fIBIO_ctrl_get_write_guarantee()\fR is a function +whereas \fIBIO_get_write_guarantee()\fR is a macro. +.PP +\&\fIBIO_get_read_request()\fR and \fIBIO_ctrl_get_read_request()\fR return the +amount of data requested, or the buffer size if it is less, if the +last read attempt at the other half of the \s-1BIO\s0 pair failed due to an +empty buffer. This can be used to determine how much data should be +written to the \s-1BIO\s0 so the next read will succeed: this is most useful +in \s-1TLS/SSL\s0 applications where the amount of data read is usually +meaningful rather than just a buffer size. After a successful read +this call will return zero. It also will return zero once new data +has been written satisfying the read request or part of it. +Note that \fIBIO_get_read_request()\fR never returns an amount larger +than that returned by \fIBIO_get_write_guarantee()\fR. +.PP +\&\fIBIO_ctrl_reset_read_request()\fR can also be used to reset the value returned by +\&\fIBIO_get_read_request()\fR to zero. +.SH "NOTES" +.IX Header "NOTES" +Both halves of a \s-1BIO\s0 pair should be freed. That is even if one half is implicit +freed due to a \fIBIO_free_all()\fR or \fISSL_free()\fR call the other half needs to be freed. +.PP +When used in bidirectional applications (such as \s-1TLS/SSL\s0) care should be taken to +flush any data in the write buffer. This can be done by calling \fIBIO_pending()\fR +on the other half of the pair and, if any data is pending, reading it and sending +it to the underlying transport. This must be done before any normal processing +(such as calling \fIselect()\fR ) due to a request and \fIBIO_should_read()\fR being true. +.PP +To see why this is important consider a case where a request is sent using +\&\fIBIO_write()\fR and a response read with \fIBIO_read()\fR, this can occur during an +\&\s-1TLS/SSL\s0 handshake for example. \fIBIO_write()\fR will succeed and place data in the write +buffer. \fIBIO_read()\fR will initially fail and \fIBIO_should_read()\fR will be true. If +the application then waits for data to be available on the underlying transport +before flushing the write buffer it will never succeed because the request was +never sent! +.SH "EXAMPLE" +.IX Header "EXAMPLE" +\&\s-1TBA\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_set_bio(3), ssl(3), bio(3), +BIO_should_retry(3), BIO_read(3) diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 new file mode 100644 index 0000000..fea15cb --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_s_connect.3 @@ -0,0 +1,321 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:55 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_S_CONNECT 1" +.TH BIO_S_CONNECT 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port, +BIO_set_conn_ip, BIO_set_conn_int_port, BIO_get_conn_hostname, +BIO_get_conn_port, BIO_get_conn_ip, BIO_get_conn_int_port, +BIO_set_nbio, BIO_do_connect \- connect \s-1BIO\s0 +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 1 +\& BIO_METHOD * BIO_s_connect(void); +.Ve +.Vb 8 +\& #define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) +\& #define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) +\& #define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) +\& #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) +\& #define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) +\& #define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) +\& #define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2) +\& #define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port) +.Ve +.Vb 1 +\& #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) +.Ve +.Vb 1 +\& #define BIO_do_connect(b) BIO_do_handshake(b) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. This is a wrapper +round the platform's \s-1TCP/IP\s0 socket connection routines. +.PP +Using connect BIOs \s-1TCP/IP\s0 connections can be made and data +transferred using only \s-1BIO\s0 routines. In this way any platform +specific operations are hidden by the \s-1BIO\s0 abstraction. +.PP +Read and write operations on a connect \s-1BIO\s0 will perform I/O +on the underlying connection. If no connection is established +and the port and hostname (see below) is set up properly then +a connection is established first. +.PP +Connect BIOs support \fIBIO_puts()\fR but not \fIBIO_gets()\fR. +.PP +If the close flag is set on a connect \s-1BIO\s0 then any active +connection is shutdown and the socket closed when the \s-1BIO\s0 +is freed. +.PP +Calling \fIBIO_reset()\fR on a connect \s-1BIO\s0 will close any active +connection and reset the \s-1BIO\s0 into a state where it can connect +to the same host again. +.PP +\&\fIBIO_get_fd()\fR places the underlying socket in \fBc\fR if it is not \s-1NULL\s0, +it also returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of +type (int *). +.PP +\&\fIBIO_set_conn_hostname()\fR uses the string \fBname\fR to set the hostname +The hostname can be an \s-1IP\s0 address. The hostname can also include the +port in the form hostname:port . It is also acceptable to use the +form \*(L"hostname/any/other/path\*(R" or \*(L"hostname:port/any/other/path\*(R". +.PP +\&\fIBIO_set_conn_port()\fR sets the port to \fBport\fR. \fBport\fR can be the +numerical form or a string such as \*(L"http\*(R". A string will be looked +up first using \fIgetservbyname()\fR on the host platform but if that +fails a standard table of port names will be used. Currently the +list is http, telnet, socks, https, ssl, ftp, gopher and wais. +.PP +\&\fIBIO_set_conn_ip()\fR sets the \s-1IP\s0 address to \fBip\fR using binary form, +that is four bytes specifying the \s-1IP\s0 address in big-endian form. +.PP +\&\fIBIO_set_conn_int_port()\fR sets the port using \fBport\fR. \fBport\fR should +be of type (int *). +.PP +\&\fIBIO_get_conn_hostname()\fR returns the hostname of the connect \s-1BIO\s0 or +\&\s-1NULL\s0 if the \s-1BIO\s0 is initialized but no hostname is set. +This return value is an internal pointer which should not be modified. +.PP +\&\fIBIO_get_conn_port()\fR returns the port as a string. +.PP +\&\fIBIO_get_conn_ip()\fR returns the \s-1IP\s0 address in binary form. +.PP +\&\fIBIO_get_conn_int_port()\fR returns the port as an int. +.PP +\&\fIBIO_set_nbio()\fR sets the non blocking I/O flag to \fBn\fR. If \fBn\fR is +zero then blocking I/O is set. If \fBn\fR is 1 then non blocking I/O +is set. Blocking I/O is the default. The call to \fIBIO_set_nbio()\fR +should be made before the connection is established because +non blocking I/O is set during the connect process. +.PP +\&\fIBIO_do_connect()\fR attempts to connect the supplied \s-1BIO\s0. It returns 1 +if the connection was established successfully. A zero or negative +value is returned if the connection could not be established, the +call \fIBIO_should_retry()\fR should be used for non blocking connect BIOs +to determine if the call should be retried. +.SH "NOTES" +.IX Header "NOTES" +If blocking I/O is set then a non positive return value from any +I/O call is caused by an error condition, although a zero return +will normally mean that the connection was closed. +.PP +If the port name is supplied as part of the host name then this will +override any value set with \fIBIO_set_conn_port()\fR. This may be undesirable +if the application does not wish to allow connection to arbitrary +ports. This can be avoided by checking for the presence of the ':' +character in the passed hostname and either indicating an error or +truncating the string at that point. +.PP +The values returned by \fIBIO_get_conn_hostname()\fR, \fIBIO_get_conn_port()\fR, +\&\fIBIO_get_conn_ip()\fR and \fIBIO_get_conn_int_port()\fR are updated when a +connection attempt is made. Before any connection attempt the values +returned are those set by the application itself. +.PP +Applications do not have to call \fIBIO_do_connect()\fR but may wish to do +so to separate the connection process from other I/O processing. +.PP +If non blocking I/O is set then retries will be requested as appropriate. +.PP +It addition to \fIBIO_should_read()\fR and \fIBIO_should_write()\fR it is also +possible for \fIBIO_should_io_special()\fR to be true during the initial +connection process with the reason \s-1BIO_RR_CONNECT\s0. If this is returned +then this is an indication that a connection attempt would block, +the application should then take appropriate action to wait until +the underlying socket has connected and retry the call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_connect()\fR returns the connect \s-1BIO\s0 method. +.PP +\&\fIBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not +been initialized. +.PP +\&\fIBIO_set_conn_hostname()\fR, \fIBIO_set_conn_port()\fR, \fIBIO_set_conn_ip()\fR and +\&\fIBIO_set_conn_int_port()\fR always return 1. +.PP +\&\fIBIO_get_conn_hostname()\fR returns the connected hostname or \s-1NULL\s0 is +none was set. +.PP +\&\fIBIO_get_conn_port()\fR returns a string representing the connected +port or \s-1NULL\s0 if not set. +.PP +\&\fIBIO_get_conn_ip()\fR returns a pointer to the connected \s-1IP\s0 address in +binary form or all zeros if not set. +.PP +\&\fIBIO_get_conn_int_port()\fR returns the connected port or 0 if none was +set. +.PP +\&\fIBIO_set_nbio()\fR always returns 1. +.PP +\&\fIBIO_do_connect()\fR returns 1 if the connection was successfully +established and 0 or \-1 if the connection failed. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +This is example connects to a webserver on the local host and attempts +to retrieve a page and copy the result to standard output. +.PP +.Vb 19 +\& BIO *cbio, *out; +\& int len; +\& char tmpbuf[1024]; +\& ERR_load_crypto_strings(); +\& cbio = BIO_new_connect("localhost:http"); +\& out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& if(BIO_do_connect(cbio) <= 0) { +\& fprintf(stderr, "Error connecting to server\en"); +\& ERR_print_errors_fp(stderr); +\& /* whatever ... */ +\& } +\& BIO_puts(cbio, "GET / HTTP/1.0\en\en"); +\& for(;;) { +\& len = BIO_read(cbio, tmpbuf, 1024); +\& if(len <= 0) break; +\& BIO_write(out, tmpbuf, len); +\& } +\& BIO_free(cbio); +\& BIO_free(out); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 new file mode 100644 index 0000000..9732cc1 --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_s_fd.3 @@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:58 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_S_FD 1" +.TH BIO_S_FD 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor \s-1BIO\s0 +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 1 +\& BIO_METHOD * BIO_s_fd(void); +.Ve +.Vb 2 +\& #define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +\& #define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) +.Ve +.Vb 1 +\& BIO *BIO_new_fd(int fd, int close_flag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. This is a wrapper +round the platforms file descriptor routines such as \fIread()\fR and \fIwrite()\fR. +.PP +\&\fIBIO_read()\fR and \fIBIO_write()\fR read or write the underlying descriptor. +\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not. +.PP +If the close flag is set then then \fIclose()\fR is called on the underlying +file descriptor when the \s-1BIO\s0 is freed. +.PP +\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file +using lseek(fd, 0, 0). +.PP +\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +using lseek(fd, ofs, 0). +.PP +\&\fIBIO_tell()\fR returns the current file position by calling lseek(fd, 0, 1). +.PP +\&\fIBIO_set_fd()\fR sets the file descriptor of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close +flag to \fBc\fR. +.PP +\&\fIBIO_get_fd()\fR places the file descriptor in \fBc\fR if it is not \s-1NULL\s0, it also +returns the file descriptor. If \fBc\fR is not \s-1NULL\s0 it should be of type +(int *). +.PP +\&\fIBIO_new_fd()\fR returns a file descriptor \s-1BIO\s0 using \fBfd\fR and \fBclose_flag\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fIBIO_read()\fR and \fIBIO_write()\fR depends on the behavior of the +platforms \fIread()\fR and \fIwrite()\fR calls on the descriptor. If the underlying +file descriptor is in a non blocking mode then the \s-1BIO\s0 will behave in the +manner described in the BIO_read(3) and BIO_should_retry(3) +manual pages. +.PP +File descriptor BIOs should not be used for socket I/O. Use socket BIOs +instead. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_fd()\fR returns the file descriptor \s-1BIO\s0 method. +.PP +\&\fIBIO_reset()\fR returns zero for success and \-1 if an error occurred. +\&\fIBIO_seek()\fR and \fIBIO_tell()\fR return the current file position or \-1 +is an error occurred. These values reflect the underlying \fIlseek()\fR +behaviour. +.PP +\&\fIBIO_set_fd()\fR always returns 1. +.PP +\&\fIBIO_get_fd()\fR returns the file descriptor or \-1 if the \s-1BIO\s0 has not +been initialized. +.PP +\&\fIBIO_new_fd()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +occurred. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +This is a file descriptor \s-1BIO\s0 version of \*(L"Hello World\*(R": +.PP +.Vb 4 +\& BIO *out; +\& out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE); +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +BIO_seek(3), BIO_tell(3), +BIO_reset(3), BIO_read(3), +BIO_write(3), BIO_puts(3), +BIO_gets(3), BIO_printf(3), +BIO_set_close(3), BIO_get_close(3) diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 new file mode 100644 index 0000000..aaabae9 --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_s_file.3 @@ -0,0 +1,286 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:00 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_S_FILE 1" +.TH BIO_S_FILE 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp, +BIO_read_filename, BIO_write_filename, BIO_append_filename, +BIO_rw_filename \- \s-1FILE\s0 bio +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 3 +\& BIO_METHOD * BIO_s_file(void); +\& BIO *BIO_new_file(const char *filename, const char *mode); +\& BIO *BIO_new_fp(FILE *stream, int flags); +.Ve +.Vb 2 +\& BIO_set_fp(BIO *b,FILE *fp, int flags); +\& BIO_get_fp(BIO *b,FILE **fpp); +.Ve +.Vb 4 +\& int BIO_read_filename(BIO *b, char *name) +\& int BIO_write_filename(BIO *b, char *name) +\& int BIO_append_filename(BIO *b, char *name) +\& int BIO_rw_filename(BIO *b, char *name) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_file()\fR returns the \s-1BIO\s0 file method. As its name implies it +is a wrapper round the stdio \s-1FILE\s0 structure and it is a +source/sink \s-1BIO\s0. +.PP +Calls to \fIBIO_read()\fR and \fIBIO_write()\fR read and write data to the +underlying stream. \fIBIO_gets()\fR and \fIBIO_puts()\fR are supported on file BIOs. +.PP +\&\fIBIO_flush()\fR on a file \s-1BIO\s0 calls the \fIfflush()\fR function on the wrapped +stream. +.PP +\&\fIBIO_reset()\fR attempts to change the file pointer to the start of file +using fseek(stream, 0, 0). +.PP +\&\fIBIO_seek()\fR sets the file pointer to position \fBofs\fR from start of file +using fseek(stream, ofs, 0). +.PP +\&\fIBIO_eof()\fR calls \fIfeof()\fR. +.PP +Setting the \s-1BIO_CLOSE\s0 flag calls \fIfclose()\fR on the stream when the \s-1BIO\s0 +is freed. +.PP +\&\fIBIO_new_file()\fR creates a new file \s-1BIO\s0 with mode \fBmode\fR the meaning +of \fBmode\fR is the same as the stdio function \fIfopen()\fR. The \s-1BIO_CLOSE\s0 +flag is set on the returned \s-1BIO\s0. +.PP +\&\fIBIO_new_fp()\fR creates a file \s-1BIO\s0 wrapping \fBstream\fR. Flags can be: +\&\s-1BIO_CLOSE\s0, \s-1BIO_NOCLOSE\s0 (the close flag) \s-1BIO_FP_TEXT\s0 (sets the underlying +stream to text mode, default is binary: this only has any effect under +Win32). +.PP +\&\fIBIO_set_fp()\fR set the fp of a file \s-1BIO\s0 to \fBfp\fR. \fBflags\fR has the same +meaning as in \fIBIO_new_fp()\fR, it is a macro. +.PP +\&\fIBIO_get_fp()\fR retrieves the fp of a file \s-1BIO\s0, it is a macro. +.PP +\&\fIBIO_seek()\fR is a macro that sets the position pointer to \fBoffset\fR bytes +from the start of file. +.PP +\&\fIBIO_tell()\fR returns the value of the position pointer. +.PP +\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and +\&\fIBIO_rw_filename()\fR set the file \s-1BIO\s0 \fBb\fR to use file \fBname\fR for +reading, writing, append or read write respectively. +.SH "NOTES" +.IX Header "NOTES" +When wrapping stdout, stdin or stderr the underlying stream should not +normally be closed so the \s-1BIO_NOCLOSE\s0 flag should be set. +.PP +Because the file \s-1BIO\s0 calls the underlying stdio functions any quirks +in stdio behaviour will be mirrored by the corresponding \s-1BIO\s0. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +File \s-1BIO\s0 \*(L"hello world\*(R": +.PP +.Vb 3 +\& BIO *bio_out; +\& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +\& BIO_printf(bio_out, "Hello World\en"); +.Ve +Alternative technique: +.PP +.Vb 5 +\& BIO *bio_out; +\& bio_out = BIO_new(BIO_s_file()); +\& if(bio_out == NULL) /* Error ... */ +\& if(!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) /* Error ... */ +\& BIO_printf(bio_out, "Hello World\en"); +.Ve +Write to a file: +.PP +.Vb 5 +\& BIO *out; +\& out = BIO_new_file("filename.txt", "w"); +\& if(!out) /* Error occurred */ +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +Alternative technique: +.PP +.Vb 6 +\& BIO *out; +\& out = BIO_new(BIO_s_file()); +\& if(out == NULL) /* Error ... */ +\& if(!BIO_write_filename(out, "filename.txt")) /* Error ... */ +\& BIO_printf(out, "Hello World\en"); +\& BIO_free(out); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_file()\fR returns the file \s-1BIO\s0 method. +.PP +\&\fIBIO_new_file()\fR and \fIBIO_new_fp()\fR return a file \s-1BIO\s0 or \s-1NULL\s0 if an error +occurred. +.PP +\&\fIBIO_set_fp()\fR and \fIBIO_get_fp()\fR return 1 for success or 0 for failure +(although the current implementation never return 0). +.PP +\&\fIBIO_seek()\fR returns the same value as the underlying \fIfseek()\fR function: +0 for success or \-1 for failure. +.PP +\&\fIBIO_tell()\fR returns the current file position. +.PP +\&\fIBIO_read_filename()\fR, \fIBIO_write_filename()\fR, \fIBIO_append_filename()\fR and +\&\fIBIO_rw_filename()\fR return 1 for success or 0 for failure. +.SH "BUGS" +.IX Header "BUGS" +\&\fIBIO_reset()\fR and \fIBIO_seek()\fR are implemented using \fIfseek()\fR on the underlying +stream. The return value for \fIfseek()\fR is 0 for success or \-1 if an error +occurred this differs from other types of \s-1BIO\s0 which will typically return +1 for success and a non positive value if an error occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +BIO_seek(3), BIO_tell(3), +BIO_reset(3), BIO_flush(3), +BIO_read(3), +BIO_write(3), BIO_puts(3), +BIO_gets(3), BIO_printf(3), +BIO_set_close(3), BIO_get_close(3) diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 new file mode 100644 index 0000000..779d835 --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_s_mem.3 @@ -0,0 +1,256 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:02 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_S_MEM 1" +.TH BIO_S_MEM 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf, +BIO_get_mem_ptr, BIO_new_mem_buf \- memory \s-1BIO\s0 +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 1 +\& BIO_METHOD * BIO_s_mem(void); +.Ve +.Vb 4 +\& BIO_set_mem_eof_return(BIO *b,int v) +\& long BIO_get_mem_data(BIO *b, char **pp) +\& BIO_set_mem_buf(BIO *b,BUF_MEM *bm,int c) +\& BIO_get_mem_ptr(BIO *b,BUF_MEM **pp) +.Ve +.Vb 1 +\& BIO *BIO_new_mem_buf(void *buf, int len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_mem()\fR return the memory \s-1BIO\s0 method function. +.PP +A memory \s-1BIO\s0 is a source/sink \s-1BIO\s0 which uses memory for its I/O. Data +written to a memory \s-1BIO\s0 is stored in a \s-1BUF_MEM\s0 structure which is extended +as appropriate to accommodate the stored data. +.PP +Any data written to a memory \s-1BIO\s0 can be recalled by reading from it. +Unless the memory \s-1BIO\s0 is read only any data read from it is deleted from +the \s-1BIO\s0. +.PP +Memory BIOs support \fIBIO_gets()\fR and \fIBIO_puts()\fR. +.PP +If the \s-1BIO_CLOSE\s0 flag is set when a memory \s-1BIO\s0 is freed then the underlying +\&\s-1BUF_MEM\s0 structure is also freed. +.PP +Calling \fIBIO_reset()\fR on a read write memory \s-1BIO\s0 clears any data in it. On a +read only \s-1BIO\s0 it restores the \s-1BIO\s0 to its original state and the read only +data can be read again. +.PP +\&\fIBIO_eof()\fR is true if no data is in the \s-1BIO\s0. +.PP +\&\fIBIO_ctrl_pending()\fR returns the number of bytes currently stored. +.PP +\&\fIBIO_set_mem_eof_return()\fR sets the behaviour of memory \s-1BIO\s0 \fBb\fR when it is +empty. If the \fBv\fR is zero then an empty memory \s-1BIO\s0 will return \s-1EOF\s0 (that is +it will return zero and \fIBIO_should_retry\fR\|(b) will be false. If \fBv\fR is non +zero then it will return \fBv\fR when it is empty and it will set the read retry +flag (that is \fIBIO_read_retry\fR\|(b) is true). To avoid ambiguity with a normal +positive return value \fBv\fR should be set to a negative value, typically \-1. +.PP +\&\fIBIO_get_mem_data()\fR sets \fBpp\fR to a pointer to the start of the memory BIOs data +and returns the total amount of data available. It is implemented as a macro. +.PP +\&\fIBIO_set_mem_buf()\fR sets the internal \s-1BUF_MEM\s0 structure to \fBbm\fR and sets the +close flag to \fBc\fR, that is \fBc\fR should be either \s-1BIO_CLOSE\s0 or \s-1BIO_NOCLOSE\s0. +It is a macro. +.PP +\&\fIBIO_get_mem_ptr()\fR places the underlying \s-1BUF_MEM\s0 structure in \fBpp\fR. It is +a macro. +.PP +\&\fIBIO_new_mem_buf()\fR creates a memory \s-1BIO\s0 using \fBlen\fR bytes of data at \fBbuf\fR, +if \fBlen\fR is \-1 then the \fBbuf\fR is assumed to be null terminated and its +length is determined by \fBstrlen\fR. The \s-1BIO\s0 is set to a read only state and +as a result cannot be written to. This is useful when some data needs to be +made available from a static area of memory in the form of a \s-1BIO\s0. The +supplied data is read directly from the supplied buffer: it is \fBnot\fR copied +first, so the supplied area of memory must be unchanged until the \s-1BIO\s0 is freed. +.SH "NOTES" +.IX Header "NOTES" +Writes to memory BIOs will always succeed if memory is available: that is +their size can grow indefinitely. +.PP +Every read from a read write memory \s-1BIO\s0 will remove the data just read with +an internal copy operation, if a \s-1BIO\s0 contains a lots of data and it is +read in small chunks the operation can be very slow. The use of a read only +memory \s-1BIO\s0 avoids this problem. If the \s-1BIO\s0 must be read write then adding +a buffering \s-1BIO\s0 to the chain will speed up the process. +.SH "BUGS" +.IX Header "BUGS" +There should be an option to set the maximum size of a memory \s-1BIO\s0. +.PP +There should be a way to \*(L"rewind\*(R" a read write \s-1BIO\s0 without destroying +its contents. +.PP +The copying operation should not occur after every small read of a large \s-1BIO\s0 +to improve efficiency. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +Create a memory \s-1BIO\s0 and write some data to it: +.PP +.Vb 2 +\& BIO *mem = BIO_new(BIO_s_mem()); +\& BIO_puts(mem, "Hello World\en"); +.Ve +Create a read only memory \s-1BIO:\s0 +.PP +.Vb 3 +\& char data[] = "Hello World"; +\& BIO *mem; +\& mem = BIO_new_mem_buf(data, -1); +.Ve +Extract the \s-1BUF_MEM\s0 structure from a memory \s-1BIO\s0 and then free up the \s-1BIO:\s0 +.PP +.Vb 4 +\& BUF_MEM *bptr; +\& BIO_get_mem_ptr(mem, &bptr); +\& BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */ +\& BIO_free(mem); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 new file mode 100644 index 0000000..35a6331 --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_s_null.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:05 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_S_NULL 1" +.TH BIO_S_NULL 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_s_null \- null data sink +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 1 +\& BIO_METHOD * BIO_s_null(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. Data written to +the null sink is discarded, reads return \s-1EOF\s0. +.SH "NOTES" +.IX Header "NOTES" +A null sink \s-1BIO\s0 behaves in a similar manner to the Unix /dev/null +device. +.PP +A null bio can be placed on the end of a chain to discard any data +passed through it. +.PP +A null sink is useful if, for example, an application wishes to digest some +data by writing through a digest bio but not send the digested data anywhere. +Since a \s-1BIO\s0 chain must normally include a source/sink \s-1BIO\s0 this can be achieved +by adding a null sink \s-1BIO\s0 to the end of the chain +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_null()\fR returns the null sink \s-1BIO\s0 method. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 new file mode 100644 index 0000000..a20339a --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_s_socket.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:07 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_S_SOCKET 1" +.TH BIO_S_SOCKET 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0 +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 1 +\& BIO_METHOD * BIO_s_socket(void); +.Ve +.Vb 2 +\& #define BIO_set_fd(b,fd,c) BIO_int_ctrl(b,BIO_C_SET_FD,c,fd) +\& #define BIO_get_fd(b,c) BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c) +.Ve +.Vb 1 +\& BIO *BIO_new_socket(int sock, int close_flag); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. This is a wrapper +round the platform's socket routines. +.PP +\&\fIBIO_read()\fR and \fIBIO_write()\fR read or write the underlying socket. +\&\fIBIO_puts()\fR is supported but \fIBIO_gets()\fR is not. +.PP +If the close flag is set then the socket is shut down and closed +when the \s-1BIO\s0 is freed. +.PP +\&\fIBIO_set_fd()\fR sets the socket of \s-1BIO\s0 \fBb\fR to \fBfd\fR and the close +flag to \fBc\fR. +.PP +\&\fIBIO_get_fd()\fR places the socket in \fBc\fR if it is not \s-1NULL\s0, it also +returns the socket . If \fBc\fR is not \s-1NULL\s0 it should be of type (int *). +.PP +\&\fIBIO_new_socket()\fR returns a socket \s-1BIO\s0 using \fBsock\fR and \fBclose_flag\fR. +.SH "NOTES" +.IX Header "NOTES" +Socket BIOs also support any relevant functionality of file descriptor +BIOs. +.PP +The reason for having separate file descriptor and socket BIOs is that on some +platforms sockets are not file descriptors and use distinct I/O routines, +Windows is one such platform. Any code mixing the two will not work on +all platforms. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBIO_s_socket()\fR returns the socket \s-1BIO\s0 method. +.PP +\&\fIBIO_set_fd()\fR always returns 1. +.PP +\&\fIBIO_get_fd()\fR returns the socket or \-1 if the \s-1BIO\s0 has not been +initialized. +.PP +\&\fIBIO_new_socket()\fR returns the newly allocated \s-1BIO\s0 or \s-1NULL\s0 is an error +occurred. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 new file mode 100644 index 0000000..467314e --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_set_callback.3 @@ -0,0 +1,238 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:09 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_SET_CALLBACK 1" +.TH BIO_SET_CALLBACK 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg, +BIO_debug_callback \- \s-1BIO\s0 callback functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 4 +\& #define BIO_set_callback(b,cb) ((b)->callback=(cb)) +\& #define BIO_get_callback(b) ((b)->callback) +\& #define BIO_set_callback_arg(b,arg) ((b)->cb_arg=(char *)(arg)) +\& #define BIO_get_callback_arg(b) ((b)->cb_arg) +.Ve +.Vb 2 +\& long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, +\& long argl,long ret); +.Ve +.Vb 2 +\& typedef long callback(BIO *b, int oper, const char *argp, +\& int argi, long argl, long retvalue); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBIO_set_callback()\fR and \fIBIO_get_callback()\fR set and retrieve the \s-1BIO\s0 callback, +they are both macros. The callback is called during most high level \s-1BIO\s0 +operations. It can be used for debugging purposes to trace operations on +a \s-1BIO\s0 or to modify its operation. +.PP +\&\fIBIO_set_callback_arg()\fR and \fIBIO_get_callback_arg()\fR are macros which can be +used to set and retrieve an argument for use in the callback. +.PP +\&\fIBIO_debug_callback()\fR is a standard debugging callback which prints +out information relating to each \s-1BIO\s0 operation. If the callback +argument is set if is interpreted as a \s-1BIO\s0 to send the information +to, otherwise stderr is used. +.PP +\&\fIcallback()\fR is the callback function itself. The meaning of each +argument is described below. +.PP +The \s-1BIO\s0 the callback is attached to is passed in \fBb\fR. +.PP +\&\fBoper\fR is set to the operation being performed. For some operations +the callback is called twice, once before and once after the actual +operation, the latter case has \fBoper\fR or'ed with \s-1BIO_CB_RETURN\s0. +.PP +The meaning of the arguments \fBargp\fR, \fBargi\fR and \fBargl\fR depends on +the value of \fBoper\fR, that is the operation being performed. +.PP +\&\fBretvalue\fR is the return value that would be returned to the +application if no callback were present. The actual value returned +is the return value of the callback itself. In the case of callbacks +called before the actual \s-1BIO\s0 operation 1 is placed in retvalue, if +the return value is not positive it will be immediately returned to +the application and the \s-1BIO\s0 operation will not be performed. +.PP +The callback should normally simply return \fBretvalue\fR when it has +finished processing, unless if specifically wishes to modify the +value returned to the application. +.SH "CALLBACK OPERATIONS" +.IX Header "CALLBACK OPERATIONS" +.Ip "\fB\f(BIBIO_free\fB\|(b)\fR" 4 +.IX Item "BIO_free" +callback(b, \s-1BIO_CB_FREE\s0, \s-1NULL\s0, 0L, 0L, 1L) is called before the +free operation. +.Ip "\fBBIO_read(b, out, outl)\fR" 4 +.IX Item "BIO_read(b, out, outl)" +callback(b, \s-1BIO_CB_READ\s0, out, outl, 0L, 1L) is called before +the read and callback(b, BIO_CB_READ|BIO_CB_RETURN, out, outl, 0L, retvalue) +after. +.Ip "\fBBIO_write(b, in, inl)\fR" 4 +.IX Item "BIO_write(b, in, inl)" +callback(b, \s-1BIO_CB_WRITE\s0, in, inl, 0L, 1L) is called before +the write and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, inl, 0L, retvalue) +after. +.Ip "\fBBIO_gets(b, out, outl)\fR" 4 +.IX Item "BIO_gets(b, out, outl)" +callback(b, \s-1BIO_CB_GETS\s0, out, outl, 0L, 1L) is called before +the operation and callback(b, BIO_CB_GETS|BIO_CB_RETURN, out, outl, 0L, retvalue) +after. +.Ip "\fBBIO_puts(b, in)\fR" 4 +.IX Item "BIO_puts(b, in)" +callback(b, \s-1BIO_CB_WRITE\s0, in, 0, 0L, 1L) is called before +the operation and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, 0, 0L, retvalue) +after. +.Ip "\fBBIO_ctrl(\s-1BIO\s0 *b, int cmd, long larg, void *parg)\fR" 4 +.IX Item "BIO_ctrl(BIO *b, int cmd, long larg, void *parg)" +callback(b,BIO_CB_CTRL,parg,cmd,larg,1L) is called before the call and +callback(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, larg,ret) after. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +The \fIBIO_debug_callback()\fR function is a good example, its source is +in crypto/bio/bio_cb.c +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 new file mode 100644 index 0000000..44ddb01 --- /dev/null +++ b/secure/lib/libcrypto/man/BIO_should_retry.3 @@ -0,0 +1,253 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:11 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO_SHOULD_RETRY 1" +.TH BIO_SHOULD_RETRY 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BIO_should_retry, BIO_should_read, BIO_should_write, +BIO_should_io_special, BIO_retry_type, BIO_should_retry, +BIO_get_retry_BIO, BIO_get_retry_reason \- \s-1BIO\s0 retry functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +.Vb 5 +\& #define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ) +\& #define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE) +\& #define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL) +\& #define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS) +\& #define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY) +.Ve +.Vb 5 +\& #define BIO_FLAGS_READ 0x01 +\& #define BIO_FLAGS_WRITE 0x02 +\& #define BIO_FLAGS_IO_SPECIAL 0x04 +\& #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +\& #define BIO_FLAGS_SHOULD_RETRY 0x08 +.Ve +.Vb 2 +\& BIO * BIO_get_retry_BIO(BIO *bio, int *reason); +\& int BIO_get_retry_reason(BIO *bio); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions determine why a \s-1BIO\s0 is not able to read or write data. +They will typically be called after a failed \fIBIO_read()\fR or \fIBIO_write()\fR +call. +.PP +\&\fIBIO_should_retry()\fR is true if the call that produced this condition +should then be retried at a later time. +.PP +If \fIBIO_should_retry()\fR is false then the cause is an error condition. +.PP +\&\fIBIO_should_read()\fR is true if the cause of the condition is that a \s-1BIO\s0 +needs to read data. +.PP +\&\fIBIO_should_write()\fR is true if the cause of the condition is that a \s-1BIO\s0 +needs to read data. +.PP +\&\fIBIO_should_io_special()\fR is true if some \*(L"special\*(R" condition, that is a +reason other than reading or writing is the cause of the condition. +.PP +\&\fIBIO_get_retry_reason()\fR returns a mask of the cause of a retry condition +consisting of the values \fB\s-1BIO_FLAGS_READ\s0\fR, \fB\s-1BIO_FLAGS_WRITE\s0\fR, +\&\fB\s-1BIO_FLAGS_IO_SPECIAL\s0\fR though current \s-1BIO\s0 types will only set one of +these. +.PP +\&\fIBIO_get_retry_BIO()\fR determines the precise reason for the special +condition, it returns the \s-1BIO\s0 that caused this condition and if +\&\fBreason\fR is not \s-1NULL\s0 it contains the reason code. The meaning of +the reason code and the action that should be taken depends on +the type of \s-1BIO\s0 that resulted in this condition. +.PP +\&\fIBIO_get_retry_reason()\fR returns the reason for a special condition if +passed the relevant \s-1BIO\s0, for example as returned by \fIBIO_get_retry_BIO()\fR. +.SH "NOTES" +.IX Header "NOTES" +If \fIBIO_should_retry()\fR returns false then the precise \*(L"error condition\*(R" +depends on the \s-1BIO\s0 type that caused it and the return code of the \s-1BIO\s0 +operation. For example if a call to \fIBIO_read()\fR on a socket \s-1BIO\s0 returns +0 and \fIBIO_should_retry()\fR is false then the cause will be that the +connection closed. A similar condition on a file \s-1BIO\s0 will mean that it +has reached \s-1EOF\s0. Some \s-1BIO\s0 types may place additional information on +the error queue. For more details see the individual \s-1BIO\s0 type manual +pages. +.PP +If the underlying I/O structure is in a blocking mode almost all current +\&\s-1BIO\s0 types will not request a retry, because the underlying I/O +calls will not. If the application knows that the \s-1BIO\s0 type will never +signal a retry then it need not call \fIBIO_should_retry()\fR after a failed +\&\s-1BIO\s0 I/O call. This is typically done with file BIOs. +.PP +\&\s-1SSL\s0 BIOs are the only current exception to this rule: they can request a +retry even if the underlying I/O structure is blocking, if a handshake +occurs during a call to \fIBIO_read()\fR. An application can retry the failed +call immediately or avoid this situation by setting \s-1SSL_MODE_AUTO_RETRY\s0 +on the underlying \s-1SSL\s0 structure. +.PP +While an application may retry a failed non blocking call immediately +this is likely to be very inefficient because the call will fail +repeatedly until data can be processed or is available. An application +will normally wait until the necessary condition is satisfied. How +this is done depends on the underlying I/O structure. +.PP +For example if the cause is ultimately a socket and \fIBIO_should_read()\fR +is true then a call to \fIselect()\fR may be made to wait until data is +available and then retry the \s-1BIO\s0 operation. By combining the retry +conditions of several non blocking BIOs in a single \fIselect()\fR call +it is possible to service several BIOs in a single thread, though +the performance may be poor if \s-1SSL\s0 BIOs are present because long delays +can occur during the initial handshake process. +.PP +It is possible for a \s-1BIO\s0 to block indefinitely if the underlying I/O +structure cannot process or return any data. This depends on the behaviour of +the platforms I/O functions. This is often not desirable: one solution +is to use non blocking I/O and use a timeout on the \fIselect()\fR (or +equivalent) call. +.SH "BUGS" +.IX Header "BUGS" +The OpenSSL \s-1ASN1\s0 functions cannot gracefully deal with non blocking I/O: +that is they cannot retry after a partial read or write. This is usually +worked around by only passing the relevant data to \s-1ASN1\s0 functions when +the entire structure can be read or written. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\s-1TBA\s0 diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 new file mode 100644 index 0000000..75852f5 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_CTX_new.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:14 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_CTX_NEW 1" +.TH BN_CTX_NEW 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free \s-1BN_CTX\s0 structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 1 +\& BN_CTX *BN_CTX_new(void); +.Ve +.Vb 1 +\& void BN_CTX_init(BN_CTX *c); +.Ve +.Vb 1 +\& void BN_CTX_free(BN_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1BN_CTX\s0\fR is a structure that holds \fB\s-1BIGNUM\s0\fR temporary variables used by +library functions. Since dynamic memory allocation to create \fB\s-1BIGNUM\s0\fRs +is rather expensive when used in conjunction with repeated subroutine +calls, the \fB\s-1BN_CTX\s0\fR structure is used. +.PP +\&\fIBN_CTX_new()\fR allocates and initializes a \fB\s-1BN_CTX\s0\fR +structure. \fIBN_CTX_init()\fR initializes an existing uninitialized +\&\fB\s-1BN_CTX\s0\fR. +.PP +\&\fIBN_CTX_free()\fR frees the components of the \fB\s-1BN_CTX\s0\fR, and if it was +created by \fIBN_CTX_new()\fR, also the structure itself. +If BN_CTX_start(3) has been used on the \fB\s-1BN_CTX\s0\fR, +BN_CTX_end(3) must be called before the \fB\s-1BN_CTX\s0\fR +may be freed by \fIBN_CTX_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_CTX_new()\fR returns a pointer to the \fB\s-1BN_CTX\s0\fR. If the allocation fails, +it returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained by +ERR_get_error(3). +.PP +\&\fIBN_CTX_init()\fR and \fIBN_CTX_free()\fR have no return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), err(3), BN_add(3), +BN_CTX_start(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_CTX_new()\fR and \fIBN_CTX_free()\fR are available in all versions on SSLeay +and OpenSSL. \fIBN_CTX_init()\fR was added in SSLeay 0.9.1b. diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 new file mode 100644 index 0000000..84c72c7 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_CTX_start.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:16 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_CTX_START 1" +.TH BN_CTX_START 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary \s-1BIGNUM\s0 variables +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 1 +\& void BN_CTX_start(BN_CTX *ctx); +.Ve +.Vb 1 +\& BIGNUM *BN_CTX_get(BN_CTX *ctx); +.Ve +.Vb 1 +\& void BN_CTX_end(BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions are used to obtain temporary \fB\s-1BIGNUM\s0\fR variables from +a \fB\s-1BN_CTX\s0\fR (which can been created by using BN_CTX_new(3)) +in order to save the overhead of repeatedly creating and +freeing \fB\s-1BIGNUM\s0\fRs in functions that are called from inside a loop. +.PP +A function must call \fIBN_CTX_start()\fR first. Then, \fIBN_CTX_get()\fR may be +called repeatedly to obtain temporary \fB\s-1BIGNUM\s0\fRs. All \fIBN_CTX_get()\fR +calls must be made before calling any other functions that use the +\&\fBctx\fR as an argument. +.PP +Finally, \fIBN_CTX_end()\fR must be called before returning from the function. +When \fIBN_CTX_end()\fR is called, the \fB\s-1BIGNUM\s0\fR pointers obtained from +\&\fIBN_CTX_get()\fR become invalid. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_CTX_start()\fR and \fIBN_CTX_end()\fR return no values. +.PP +\&\fIBN_CTX_get()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR, or \fB\s-1NULL\s0\fR on error. +Once \fIBN_CTX_get()\fR has failed, the subsequent calls will return \fB\s-1NULL\s0\fR +as well, so it is sufficient to check the return value of the last +\&\fIBN_CTX_get()\fR call. In case of an error, an error code is set, which +can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +BN_CTX_new(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_CTX_start()\fR, \fIBN_CTX_get()\fR and \fIBN_CTX_end()\fR were added in OpenSSL 0.9.5. diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 new file mode 100644 index 0000000..ade8c30 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_add.3 @@ -0,0 +1,243 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:18 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_ADD 1" +.TH BN_ADD 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_add, BN_sub, BN_mul, BN_div, BN_sqr, BN_mod, BN_mod_mul, BN_exp, +BN_mod_exp, BN_gcd \- arithmetic operations on BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 1 +\& int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +.Ve +.Vb 1 +\& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +.Ve +.Vb 1 +\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +.Ve +.Vb 2 +\& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, +\& BN_CTX *ctx); +.Ve +.Vb 1 +\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +.Ve +.Vb 1 +\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +.Ve +.Vb 2 +\& int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +.Ve +.Vb 1 +\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); +.Ve +.Vb 2 +\& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx); +.Ve +.Vb 1 +\& int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_add()\fR adds \fBa\fR and \fBb\fR and places the result in \fBr\fR (\f(CW\*(C`r=a+b\*(C'\fR). +\&\fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBb\fR. +.PP +\&\fIBN_sub()\fR subtracts \fBb\fR from \fBa\fR and places the result in \fBr\fR (\f(CW\*(C`r=a\-b\*(C'\fR). +.PP +\&\fIBN_mul()\fR multiplies \fBa\fR and \fBb\fR and places the result in \fBr\fR (\f(CW\*(C`r=a*b\*(C'\fR). +\&\fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBb\fR. +For multiplication by powers of 2, use BN_lshift(3). +.PP +\&\fIBN_div()\fR divides \fBa\fR by \fBd\fR and places the result in \fBdv\fR and the +remainder in \fBrem\fR (\f(CW\*(C`dv=a/d, rem=a%d\*(C'\fR). Either of \fBdv\fR and \fBrem\fR may +be \s-1NULL\s0, in which case the respective value is not returned. +For division by powers of 2, use \fIBN_rshift\fR\|(3). +.PP +\&\fIBN_sqr()\fR takes the square of \fBa\fR and places the result in \fBr\fR +(\f(CW\*(C`r=a^2\*(C'\fR). \fBr\fR and \fBa\fR may be the same \fB\s-1BIGNUM\s0\fR. +This function is faster than BN_mul(r,a,a). +.PP +\&\fIBN_mod()\fR find the remainder of \fBa\fR divided by \fBm\fR and places it in +\&\fBrem\fR (\f(CW\*(C`rem=a%m\*(C'\fR). +.PP +\&\fIBN_mod_mul()\fR multiplies \fBa\fR by \fBb\fR and finds the remainder when +divided by \fBm\fR (\f(CW\*(C`r=(a*b)%m\*(C'\fR). \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR +or \fBb\fR. For a more efficient algorithm, see +BN_mod_mul_montgomery(3); for repeated +computations using the same modulus, see BN_mod_mul_reciprocal(3). +.PP +\&\fIBN_exp()\fR raises \fBa\fR to the \fBp\fR\-th power and places the result in \fBr\fR +(\f(CW\*(C`r=a^p\*(C'\fR). This function is faster than repeated applications of +\&\fIBN_mul()\fR. +.PP +\&\fIBN_mod_exp()\fR computes \fBa\fR to the \fBp\fR\-th power modulo \fBm\fR (\f(CW\*(C`r=a^p % +m\*(C'\fR). This function uses less time and space than \fIBN_exp()\fR. +.PP +\&\fIBN_gcd()\fR computes the greatest common divisor of \fBa\fR and \fBb\fR and +places the result in \fBr\fR. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or +\&\fBb\fR. +.PP +For all functions, \fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +temporary variables; see BN_CTX_new(3). +.PP +Unless noted otherwise, the result \fB\s-1BIGNUM\s0\fR must be different from +the arguments. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +For all functions, 1 is returned for success, 0 on error. The return +value should always be checked (e.g., \f(CW\*(C`if (!BN_add(r,a,b)) goto err;\*(C'\fR). +The error codes can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), err(3), BN_CTX_new(3), +BN_add_word(3), BN_set_bit(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_add()\fR, \fIBN_sub()\fR, \fIBN_div()\fR, \fIBN_sqr()\fR, \fIBN_mod()\fR, \fIBN_mod_mul()\fR, +\&\fIBN_mod_exp()\fR and \fIBN_gcd()\fR are available in all versions of SSLeay and +OpenSSL. The \fBctx\fR argument to \fIBN_mul()\fR was added in SSLeay +0.9.1b. \fIBN_exp()\fR appeared in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 new file mode 100644 index 0000000..dc57761 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_add_word.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:21 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_ADD_WORD 1" +.TH BN_ADD_WORD 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic +functions on BIGNUMs with integers +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 1 +\& int BN_add_word(BIGNUM *a, BN_ULONG w); +.Ve +.Vb 1 +\& int BN_sub_word(BIGNUM *a, BN_ULONG w); +.Ve +.Vb 1 +\& int BN_mul_word(BIGNUM *a, BN_ULONG w); +.Ve +.Vb 1 +\& BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +.Ve +.Vb 1 +\& BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions perform arithmetic operations on BIGNUMs with unsigned +integers. They are much more efficient than the normal \s-1BIGNUM\s0 +arithmetic operations. +.PP +\&\fIBN_add_word()\fR adds \fBw\fR to \fBa\fR (\f(CW\*(C`a+=w\*(C'\fR). +.PP +\&\fIBN_sub_word()\fR subtracts \fBw\fR from \fBa\fR (\f(CW\*(C`a\-=w\*(C'\fR). +.PP +\&\fIBN_mul_word()\fR multiplies \fBa\fR and \fBw\fR (\f(CW\*(C`a*=b\*(C'\fR). +.PP +\&\fIBN_div_word()\fR divides \fBa\fR by \fBw\fR (\f(CW\*(C`a/=w\*(C'\fR) and returns the remainder. +.PP +\&\fIBN_mod_word()\fR returns the remainder of \fBa\fR divided by \fBw\fR (\f(CW\*(C`a%m\*(C'\fR). +.PP +For \fIBN_div_word()\fR and \fIBN_mod_word()\fR, \fBw\fR must not be 0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_add_word()\fR, \fIBN_sub_word()\fR and \fIBN_mul_word()\fR return 1 for success, 0 +on error. The error codes can be obtained by ERR_get_error(3). +.PP +\&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), err(3), BN_add(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_add_word()\fR and \fIBN_mod_word()\fR are available in all versions of +SSLeay and OpenSSL. \fIBN_div_word()\fR was added in SSLeay 0.8, and +\&\fIBN_sub_word()\fR and \fIBN_mul_word()\fR in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 new file mode 100644 index 0000000..4535d20 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_bn2bin.3 @@ -0,0 +1,233 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:23 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_BN2BIN 1" +.TH BN_BN2BIN 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn, +BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn \- format conversions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 2 +\& int BN_bn2bin(const BIGNUM *a, unsigned char *to); +\& BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +.Ve +.Vb 4 +\& char *BN_bn2hex(const BIGNUM *a); +\& char *BN_bn2dec(const BIGNUM *a); +\& int BN_hex2bn(BIGNUM **a, const char *str); +\& int BN_dec2bn(BIGNUM **a, const char *str); +.Ve +.Vb 2 +\& int BN_print(BIO *fp, const BIGNUM *a); +\& int BN_print_fp(FILE *fp, const BIGNUM *a); +.Ve +.Vb 2 +\& int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +\& BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_bn2bin()\fR converts the absolute value of \fBa\fR into big-endian form +and stores it at \fBto\fR. \fBto\fR must point to BN_num_bytes(\fBa\fR) bytes of +memory. +.PP +\&\fIBN_bin2bn()\fR converts the positive integer in big-endian form of length +\&\fBlen\fR at \fBs\fR into a \fB\s-1BIGNUM\s0\fR and places it in \fBret\fR. If \fBret\fR is +\&\s-1NULL\s0, a new \fB\s-1BIGNUM\s0\fR is created. +.PP +\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return printable strings containing the +hexadecimal and decimal encoding of \fBa\fR respectively. For negative +numbers, the string is prefaced with a leading '\-'. The string must be +freed later using \fIOPENSSL_free()\fR. +.PP +\&\fIBN_hex2bn()\fR converts the string \fBstr\fR containing a hexadecimal number +to a \fB\s-1BIGNUM\s0\fR and stores it in **\fBbn\fR. If *\fBbn\fR is \s-1NULL\s0, a new +\&\fB\s-1BIGNUM\s0\fR is created. If \fBbn\fR is \s-1NULL\s0, it only computes the number's +length in hexadecimal digits. If the string starts with '\-', the +number is negative. \fIBN_dec2bn()\fR is the same using the decimal system. +.PP +\&\fIBN_print()\fR and \fIBN_print_fp()\fR write the hexadecimal encoding of \fBa\fR, +with a leading '\-' for negative numbers, to the \fB\s-1BIO\s0\fR or \fB\s-1FILE\s0\fR +\&\fBfp\fR. +.PP +\&\fIBN_bn2mpi()\fR and \fIBN_mpi2bn()\fR convert \fB\s-1BIGNUM\s0\fRs from and to a format +that consists of the number's length in bytes represented as a 3\-byte +big-endian number, and the number itself in big-endian format, where +the most significant bit signals a negative number (the representation +of numbers with the \s-1MSB\s0 set is prefixed with null byte). +.PP +\&\fIBN_bn2mpi()\fR stores the representation of \fBa\fR at \fBto\fR, where \fBto\fR +must be large enough to hold the result. The size can be determined by +calling BN_bn2mpi(\fBa\fR, \s-1NULL\s0). +.PP +\&\fIBN_mpi2bn()\fR converts the \fBlen\fR bytes long representation at \fBs\fR to +a \fB\s-1BIGNUM\s0\fR and stores it at \fBret\fR, or in a newly allocated \fB\s-1BIGNUM\s0\fR +if \fBret\fR is \s-1NULL\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_bn2bin()\fR returns the length of the big-endian number placed at \fBto\fR. +\&\fIBN_bin2bn()\fR returns the \fB\s-1BIGNUM\s0\fR, \s-1NULL\s0 on error. +.PP +\&\fIBN_bn2hex()\fR and \fIBN_bn2dec()\fR return a null-terminated string, or \s-1NULL\s0 +on error. \fIBN_hex2bn()\fR and \fIBN_dec2bn()\fR return the number's length in +hexadecimal or decimal digits, and 0 on error. +.PP +\&\fIBN_print_fp()\fR and \fIBN_print()\fR return 1 on success, 0 on write errors. +.PP +\&\fIBN_bn2mpi()\fR returns the length of the representation. \fIBN_mpi2bn()\fR +returns the \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. +.PP +The error codes can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), err(3), BN_zero(3), +ASN1_INTEGER_to_BN(3), +BN_num_bytes(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_bn2bin()\fR, \fIBN_bin2bn()\fR, \fIBN_print_fp()\fR and \fIBN_print()\fR are available +in all versions of SSLeay and OpenSSL. +.PP +\&\fIBN_bn2hex()\fR, \fIBN_bn2dec()\fR, \fIBN_hex2bn()\fR, \fIBN_dec2bn()\fR, \fIBN_bn2mpi()\fR and +\&\fIBN_mpi2bn()\fR were added in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 new file mode 100644 index 0000000..0abc58a --- /dev/null +++ b/secure/lib/libcrypto/man/BN_cmp.3 @@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:25 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_CMP 1" +.TH BN_CMP 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- \s-1BIGNUM\s0 comparison and test functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 2 +\& int BN_cmp(BIGNUM *a, BIGNUM *b); +\& int BN_ucmp(BIGNUM *a, BIGNUM *b); +.Ve +.Vb 4 +\& int BN_is_zero(BIGNUM *a); +\& int BN_is_one(BIGNUM *a); +\& int BN_is_word(BIGNUM *a, BN_ULONG w); +\& int BN_is_odd(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_cmp()\fR compares the numbers \fBa\fR and \fBb\fR. \fIBN_ucmp()\fR compares their +absolute values. +.PP +\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR and \fIBN_is_word()\fR test if \fBa\fR equals 0, 1, +or \fBw\fR respectively. \fIBN_is_odd()\fR tests if a is odd. +.PP +\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR, \fIBN_is_word()\fR and \fIBN_is_odd()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_cmp()\fR returns \-1 if \fBa\fR < \fBb\fR, 0 if \fBa\fR == \fBb\fR and 1 if +\&\fBa\fR > \fBb\fR. \fIBN_ucmp()\fR is the same using the absolute values +of \fBa\fR and \fBb\fR. +.PP +\&\fIBN_is_zero()\fR, \fIBN_is_one()\fR \fIBN_is_word()\fR and \fIBN_is_odd()\fR return 1 if +the condition is true, 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_cmp()\fR, \fIBN_ucmp()\fR, \fIBN_is_zero()\fR, \fIBN_is_one()\fR and \fIBN_is_word()\fR are +available in all versions of SSLeay and OpenSSL. +\&\fIBN_is_odd()\fR was added in SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 new file mode 100644 index 0000000..474b351 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_copy.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:28 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_COPY 1" +.TH BN_COPY 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_copy, BN_dup \- copy BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 1 +\& BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from); +.Ve +.Vb 1 +\& BIGNUM *BN_dup(const BIGNUM *from); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_copy()\fR copies \fBfrom\fR to \fBto\fR. \fIBN_dup()\fR creates a new \fB\s-1BIGNUM\s0\fR +containing the value \fBfrom\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_copy()\fR returns \fBto\fR on success, \s-1NULL\s0 on error. \fIBN_dup()\fR returns +the new \fB\s-1BIGNUM\s0\fR, and \s-1NULL\s0 on error. The error codes can be obtained +by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), err(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_copy()\fR and \fIBN_dup()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 new file mode 100644 index 0000000..29ab4c5 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_generate_prime.3 @@ -0,0 +1,229 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:30 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_GENERATE_PRIME 1" +.TH BN_GENERATE_PRIME 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 2 +\& BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add, +\& BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); +.Ve +.Vb 2 +\& int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int, +\& void *), BN_CTX *ctx, void *cb_arg); +.Ve +.Vb 3 +\& int BN_is_prime_fasttest(const BIGNUM *a, int checks, +\& void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg, +\& int do_trial_division); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_generate_prime()\fR generates a pseudo-random prime number of \fBnum\fR +bits. +If \fBret\fR is not \fB\s-1NULL\s0\fR, it will be used to store the number. +.PP +If \fBcallback\fR is not \fB\s-1NULL\s0\fR, it is called as follows: +.Ip "\(bu" 4 +\&\fBcallback(0, i, cb_arg)\fR is called after generating the i-th +potential prime number. +.Ip "\(bu" 4 +While the number is being tested for primality, \fBcallback(1, j, +cb_arg)\fR is called as described below. +.Ip "\(bu" 4 +When a prime has been found, \fBcallback(2, i, cb_arg)\fR is called. +.PP +The prime may have to fulfill additional requirements for use in +Diffie-Hellman key exchange: +.PP +If \fBadd\fR is not \fB\s-1NULL\s0\fR, the prime will fulfill the condition p % \fBadd\fR +== \fBrem\fR (p % \fBadd\fR == 1 if \fBrem\fR == \fB\s-1NULL\s0\fR) in order to suit a given +generator. +.PP +If \fBsafe\fR is true, it will be a safe prime (i.e. a prime p so +that (p-1)/2 is also prime). +.PP +The \s-1PRNG\s0 must be seeded prior to calling \fIBN_generate_prime()\fR. +The prime number generation has a negligible error probability. +.PP +\&\fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR test if the number \fBa\fR is +prime. The following tests are performed until one of them shows that +\&\fBa\fR is composite; if \fBa\fR passes all these tests, it is considered +prime. +.PP +\&\fIBN_is_prime_fasttest()\fR, when called with \fBdo_trial_division == 1\fR, +first attempts trial division by a number of small primes; +if no divisors are found by this test and \fBcallback\fR is not \fB\s-1NULL\s0\fR, +\&\fBcallback(1, \-1, cb_arg)\fR is called. +If \fBdo_trial_division == 0\fR, this test is skipped. +.PP +Both \fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR perform a Miller-Rabin +probabilistic primality test with \fBchecks\fR iterations. If +\&\fBchecks == BN_prime_check\fR, a number of iterations is used that +yields a false positive rate of at most 2^\-80 for random input. +.PP +If \fBcallback\fR is not \fB\s-1NULL\s0\fR, \fBcallback(1, j, cb_arg)\fR is called +after the j-th iteration (j = 0, 1, ...). \fBctx\fR is a +pre-allocated \fB\s-1BN_CTX\s0\fR (to save the overhead of allocating and +freeing the structure in a loop), or \fB\s-1NULL\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_generate_prime()\fR returns the prime number on success, \fB\s-1NULL\s0\fR otherwise. +.PP +\&\fIBN_is_prime()\fR returns 0 if the number is composite, 1 if it is +prime with an error probability of less than 0.25^\fBchecks\fR, and +\&\-1 on error. +.PP +The error codes can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), err(3), rand(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBcb_arg\fR arguments to \fIBN_generate_prime()\fR and to \fIBN_is_prime()\fR +were added in SSLeay 0.9.0. The \fBret\fR argument to \fIBN_generate_prime()\fR +was added in SSLeay 0.9.1. +\&\fIBN_is_prime_fasttest()\fR was added in OpenSSL 0.9.5. diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 new file mode 100644 index 0000000..137b1e9 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_mod_inverse.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:32 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_MOD_INVERSE 1" +.TH BN_MOD_INVERSE 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_mod_inverse \- compute inverse modulo n +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 2 +\& BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, +\& BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_mod_inverse()\fR computes the inverse of \fBa\fR modulo \fBn\fR +places the result in \fBr\fR (\f(CW\*(C`(a*r)%n==1\*(C'\fR). If \fBr\fR is \s-1NULL\s0, +a new \fB\s-1BIGNUM\s0\fR is created. +.PP +\&\fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for temporary +variables. \fBr\fR may be the same \fB\s-1BIGNUM\s0\fR as \fBa\fR or \fBn\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_mod_inverse()\fR returns the \fB\s-1BIGNUM\s0\fR containing the inverse, and +\&\s-1NULL\s0 on error. The error codes can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), err(3), BN_add(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_mod_inverse()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 new file mode 100644 index 0000000..c695144 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -0,0 +1,235 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:34 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_MOD_MUL_MONTGOMERY 1" +.TH BN_MOD_MUL_MONTGOMERY 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init, +BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy, +BN_from_montgomery, BN_to_montgomery \- Montgomery multiplication +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 3 +\& BN_MONT_CTX *BN_MONT_CTX_new(void); +\& void BN_MONT_CTX_init(BN_MONT_CTX *ctx); +\& void BN_MONT_CTX_free(BN_MONT_CTX *mont); +.Ve +.Vb 2 +\& int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx); +\& BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +.Ve +.Vb 2 +\& int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_MONT_CTX *mont, BN_CTX *ctx); +.Ve +.Vb 2 +\& int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +.Ve +.Vb 2 +\& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement Montgomery multiplication. They are used +automatically when BN_mod_exp(3) is called with suitable input, +but they may be useful when several operations are to be performed +using the same modulus. +.PP +\&\fIBN_MONT_CTX_new()\fR allocates and initializes a \fB\s-1BN_MONT_CTX\s0\fR structure. +\&\fIBN_MONT_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_MONT_CTX\s0\fR. +.PP +\&\fIBN_MONT_CTX_set()\fR sets up the \fBmont\fR structure from the modulus \fBm\fR +by precomputing its inverse and a value R. +.PP +\&\fIBN_MONT_CTX_copy()\fR copies the \fB\s-1BN_MONT_CTX\s0\fR \fBfrom\fR to \fBto\fR. +.PP +\&\fIBN_MONT_CTX_free()\fR frees the components of the \fB\s-1BN_MONT_CTX\s0\fR, and, if +it was created by \fIBN_MONT_CTX_new()\fR, also the structure itself. +.PP +\&\fIBN_mod_mul_montgomery()\fR computes Mont(\fBa\fR,\fBb\fR):=\fBa\fR*\fBb\fR*R^\-1 and places +the result in \fBr\fR. +.PP +\&\fIBN_from_montgomery()\fR performs the Montgomery reduction \fBr\fR = \fBa\fR*R^\-1. +.PP +\&\fIBN_to_montgomery()\fR computes Mont(\fBa\fR,R^2), i.e. \fBa\fR*R. +.PP +For all functions, \fBctx\fR is a previously allocated \fB\s-1BN_CTX\s0\fR used for +temporary variables. +.PP +The \fB\s-1BN_MONT_CTX\s0\fR structure is defined as follows: +.PP +.Vb 10 +\& typedef struct bn_mont_ctx_st +\& { +\& int ri; /* number of bits in R */ +\& BIGNUM RR; /* R^2 (used to convert to Montgomery form) */ +\& BIGNUM N; /* The modulus */ +\& BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 +\& * (Ni is only stored for bignum algorithm) */ +\& BN_ULONG n0; /* least significant word of Ni */ +\& int flags; +\& } BN_MONT_CTX; +.Ve +\&\fIBN_to_montgomery()\fR is a macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_MONT_CTX_new()\fR returns the newly allocated \fB\s-1BN_MONT_CTX\s0\fR, and \s-1NULL\s0 +on error. +.PP +\&\fIBN_MONT_CTX_init()\fR and \fIBN_MONT_CTX_free()\fR have no return values. +.PP +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), err(3), BN_add(3), +BN_CTX_new(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_MONT_CTX_new()\fR, \fIBN_MONT_CTX_free()\fR, \fIBN_MONT_CTX_set()\fR, +\&\fIBN_mod_mul_montgomery()\fR, \fIBN_from_montgomery()\fR and \fIBN_to_montgomery()\fR +are available in all versions of SSLeay and OpenSSL. +.PP +\&\fIBN_MONT_CTX_init()\fR and \fIBN_MONT_CTX_copy()\fR were added in SSLeay 0.9.1b. diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 new file mode 100644 index 0000000..75a511c --- /dev/null +++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:37 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_MOD_MUL_RECIPROCAL 1" +.TH BN_MOD_MUL_RECIPROCAL 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_mod_mul_reciprocal, BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init, +BN_RECP_CTX_free, BN_RECP_CTX_set \- modular multiplication using +reciprocal +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 3 +\& BN_RECP_CTX *BN_RECP_CTX_new(void); +\& void BN_RECP_CTX_init(BN_RECP_CTX *recp); +\& void BN_RECP_CTX_free(BN_RECP_CTX *recp); +.Ve +.Vb 1 +\& int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx); +.Ve +.Vb 2 +\& int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp, +\& BN_CTX *ctx); +.Ve +.Vb 2 +\& int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_RECP_CTX *recp, BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_mod_mul_reciprocal()\fR can be used to perform an efficient +BN_mod_mul(3) operation when the operation will be performed +repeatedly with the same modulus. It computes \fBr\fR=(\fBa\fR*\fBb\fR)%\fBm\fR +using \fBrecp\fR=1/\fBm\fR, which is set as described below. \fBctx\fR is a +previously allocated \fB\s-1BN_CTX\s0\fR used for temporary variables. +.PP +\&\fIBN_RECP_CTX_new()\fR allocates and initializes a \fB\s-1BN_RECP\s0\fR structure. +\&\fIBN_RECP_CTX_init()\fR initializes an existing uninitialized \fB\s-1BN_RECP\s0\fR. +.PP +\&\fIBN_RECP_CTX_free()\fR frees the components of the \fB\s-1BN_RECP\s0\fR, and, if it +was created by \fIBN_RECP_CTX_new()\fR, also the structure itself. +.PP +\&\fIBN_RECP_CTX_set()\fR stores \fBm\fR in \fBrecp\fR and sets it up for computing +1/\fBm\fR and shifting it left by BN_num_bits(\fBm\fR)+1 to make it an +integer. The result and the number of bits it was shifted left will +later be stored in \fBrecp\fR. +.PP +\&\fIBN_div_recp()\fR divides \fBa\fR by \fBm\fR using \fBrecp\fR. It places the quotient +in \fBdv\fR and the remainder in \fBrem\fR. +.PP +The \fB\s-1BN_RECP_CTX\s0\fR structure is defined as follows: +.PP +.Vb 8 +\& typedef struct bn_recp_ctx_st +\& { +\& BIGNUM N; /* the divisor */ +\& BIGNUM Nr; /* the reciprocal */ +\& int num_bits; +\& int shift; +\& int flags; +\& } BN_RECP_CTX; +.Ve +It cannot be shared between threads. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_RECP_CTX_new()\fR returns the newly allocated \fB\s-1BN_RECP_CTX\s0\fR, and \s-1NULL\s0 +on error. +.PP +\&\fIBN_RECP_CTX_init()\fR and \fIBN_RECP_CTX_free()\fR have no return values. +.PP +For the other functions, 1 is returned for success, 0 on error. +The error codes can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), err(3), BN_add(3), +BN_CTX_new(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fB\s-1BN_RECP_CTX\s0\fR was added in SSLeay 0.9.0. Before that, the function +\&\fIBN_reciprocal()\fR was used instead, and the \fIBN_mod_mul_reciprocal()\fR +arguments were different. diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 new file mode 100644 index 0000000..ac22a96 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_new.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:39 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_NEW 1" +.TH BN_NEW 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 1 +\& BIGNUM *BN_new(void); +.Ve +.Vb 1 +\& void BN_init(BIGNUM *); +.Ve +.Vb 1 +\& void BN_clear(BIGNUM *a); +.Ve +.Vb 1 +\& void BN_free(BIGNUM *a); +.Ve +.Vb 1 +\& void BN_clear_free(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_new()\fR allocated and initializes a \fB\s-1BIGNUM\s0\fR structure. \fIBN_init()\fR +initializes an existing uninitialized \fB\s-1BIGNUM\s0\fR. +.PP +\&\fIBN_clear()\fR is used to destroy sensitive data such as keys when they +are no longer needed. It erases the memory used by \fBa\fR and sets it +to the value 0. +.PP +\&\fIBN_free()\fR frees the components of the \fB\s-1BIGNUM\s0\fR, and if it was created +by \fIBN_new()\fR, also the structure itself. \fIBN_clear_free()\fR additionally +overwrites the data before the memory is returned to the system. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_new()\fR returns a pointer to the \fB\s-1BIGNUM\s0\fR. If the allocation fails, +it returns \fB\s-1NULL\s0\fR and sets an error code that can be obtained +by ERR_get_error(3). +.PP +\&\fIBN_init()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR have no return +values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), err(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_new()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR are available in +all versions on SSLeay and OpenSSL. \fIBN_init()\fR was added in SSLeay +0.9.1b. diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 new file mode 100644 index 0000000..aa4daa8 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_num_bytes.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:41 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_NUM_BYTES 1" +.TH BN_NUM_BYTES 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_num_bits, BN_num_bytes, BN_num_bits_word \- get \s-1BIGNUM\s0 size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 1 +\& int BN_num_bytes(const BIGNUM *a); +.Ve +.Vb 1 +\& int BN_num_bits(const BIGNUM *a); +.Ve +.Vb 1 +\& int BN_num_bits_word(BN_ULONG w); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions return the size of a \fB\s-1BIGNUM\s0\fR in bytes or bits, +and the size of an unsigned integer in bits. +.PP +\&\fIBN_num_bytes()\fR is a macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The size. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_num_bytes()\fR, \fIBN_num_bits()\fR and \fIBN_num_bits_word()\fR are available in +all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 new file mode 100644 index 0000000..40d6621 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_rand.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:43 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_RAND 1" +.TH BN_RAND 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_rand, BN_pseudo_rand \- generate pseudo-random number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 1 +\& int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +.Ve +.Vb 1 +\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +.Ve +.Vb 1 +\& int BN_rand_range(BIGNUM *rnd, BIGNUM *range); +.Ve +.Vb 1 +\& int BN_pseudo_rand_range(BIGNUM *rnd, int bits, int top, int bottom); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_rand()\fR generates a cryptographically strong pseudo-random number of +\&\fBbits\fR bits in length and stores it in \fBrnd\fR. If \fBtop\fR is \-1, the +most significant bit of the random number can be zero. If \fBtop\fR is 0, +it is set to 1, and if \fBtop\fR is 1, the two most significant bits of +the number will be set to 1, so that the product of two such random +numbers will always have 2*\fBbits\fR length. If \fBbottom\fR is true, the +number will be odd. +.PP +\&\fIBN_pseudo_rand()\fR does the same, but pseudo-random numbers generated by +this function are not necessarily unpredictable. They can be used for +non-cryptographic purposes and for certain purposes in cryptographic +protocols, but usually not for key generation etc. +.PP +\&\fIBN_rand_range()\fR generates a cryptographically strong pseudo-random +number \fBrnd\fR in the range 0 <lt>= \fBrnd\fR < \fBrange\fR. +\&\fIBN_pseudo_rand_range()\fR does the same, but is based on \fIBN_pseudo_rand()\fR, +and hence numbers generated by it are not necessarily unpredictable. +.PP +The \s-1PRNG\s0 must be seeded prior to calling \fIBN_rand()\fR or \fIBN_rand_range()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return 1 on success, 0 on error. +The error codes can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), err(3), rand(3), +RAND_add(3), RAND_bytes(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_rand()\fR is available in all versions of SSLeay and OpenSSL. +\&\fIBN_pseudo_rand()\fR was added in OpenSSL 0.9.5. The \fBtop\fR == \-1 case +and the function \fIBN_rand_range()\fR were added in OpenSSL 0.9.6a. +\&\fIBN_pseudo_rand_range()\fR was added in OpenSSL 0.9.6c. diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 new file mode 100644 index 0000000..5709214 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_set_bit.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:45 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_SET_BIT 1" +.TH BN_SET_BIT 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift, +BN_lshift1, BN_rshift, BN_rshift1 \- bit operations on BIGNUMs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 2 +\& int BN_set_bit(BIGNUM *a, int n); +\& int BN_clear_bit(BIGNUM *a, int n); +.Ve +.Vb 1 +\& int BN_is_bit_set(const BIGNUM *a, int n); +.Ve +.Vb 1 +\& int BN_mask_bits(BIGNUM *a, int n); +.Ve +.Vb 2 +\& int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +\& int BN_lshift1(BIGNUM *r, BIGNUM *a); +.Ve +.Vb 2 +\& int BN_rshift(BIGNUM *r, BIGNUM *a, int n); +\& int BN_rshift1(BIGNUM *r, BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_set_bit()\fR sets bit \fBn\fR in \fBa\fR to 1 (\f(CW\*(C`a|=(1<<n)\*(C'\fR). The +number is expanded if necessary. +.PP +\&\fIBN_clear_bit()\fR sets bit \fBn\fR in \fBa\fR to 0 (\f(CW\*(C`a&=~(1<<n)\*(C'\fR). An +error occurs if \fBa\fR is shorter than \fBn\fR bits. +.PP +\&\fIBN_is_bit_set()\fR tests if bit \fBn\fR in \fBa\fR is set. +.PP +\&\fIBN_mask_bits()\fR truncates \fBa\fR to an \fBn\fR bit number +(\f(CW\*(C`a&=~((~0)>>n)\*(C'\fR). An error occurs if \fBa\fR already is +shorter than \fBn\fR bits. +.PP +\&\fIBN_lshift()\fR shifts \fBa\fR left by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a*2^n\*(C'\fR). \fIBN_lshift1()\fR shifts \fBa\fR left by one and places +the result in \fBr\fR (\f(CW\*(C`r=2*a\*(C'\fR). +.PP +\&\fIBN_rshift()\fR shifts \fBa\fR right by \fBn\fR bits and places the result in +\&\fBr\fR (\f(CW\*(C`r=a/2^n\*(C'\fR). \fIBN_rshift1()\fR shifts \fBa\fR right by one and places +the result in \fBr\fR (\f(CW\*(C`r=a/2\*(C'\fR). +.PP +For the shift functions, \fBr\fR and \fBa\fR may be the same variable. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_is_bit_set()\fR returns 1 if the bit is set, 0 otherwise. +.PP +All other functions return 1 for success, 0 on error. The error codes +can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), BN_num_bytes(3), BN_add(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_set_bit()\fR, \fIBN_clear_bit()\fR, \fIBN_is_bit_set()\fR, \fIBN_mask_bits()\fR, +\&\fIBN_lshift()\fR, \fIBN_lshift1()\fR, \fIBN_rshift()\fR, and \fIBN_rshift1()\fR are available +in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 new file mode 100644 index 0000000..8d84af8 --- /dev/null +++ b/secure/lib/libcrypto/man/BN_zero.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:48 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_ZERO 1" +.TH BN_ZERO 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- \s-1BIGNUM\s0 assignment +operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 2 +\& int BN_zero(BIGNUM *a); +\& int BN_one(BIGNUM *a); +.Ve +.Vb 1 +\& BIGNUM *BN_value_one(void); +.Ve +.Vb 2 +\& int BN_set_word(BIGNUM *a, unsigned long w); +\& unsigned long BN_get_word(BIGNUM *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR set \fBa\fR to the values 0, 1 and +\&\fBw\fR respectively. \fIBN_zero()\fR and \fIBN_one()\fR are macros. +.PP +\&\fIBN_value_one()\fR returns a \fB\s-1BIGNUM\s0\fR constant of value 1. This constant +is useful for use in comparisons and assignment. +.PP +\&\fIBN_get_word()\fR returns \fBa\fR, if it can be represented as an unsigned +long. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBN_get_word()\fR returns the value \fBa\fR, and 0xffffffffL if \fBa\fR cannot +be represented as an unsigned long. +.PP +\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR return 1 on success, 0 otherwise. +\&\fIBN_value_one()\fR returns the constant. +.SH "BUGS" +.IX Header "BUGS" +Someone might change the constant. +.PP +If a \fB\s-1BIGNUM\s0\fR is equal to 0xffffffffL it can be represented as an +unsigned long but this value is also returned on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), BN_bn2bin(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBN_zero()\fR, \fIBN_one()\fR and \fIBN_set_word()\fR are available in all versions of +SSLeay and OpenSSL. \fIBN_value_one()\fR and \fIBN_get_word()\fR were added in +SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/CA.pl.1 b/secure/lib/libcrypto/man/CA.pl.1 new file mode 100644 index 0000000..6889b45 --- /dev/null +++ b/secure/lib/libcrypto/man/CA.pl.1 @@ -0,0 +1,298 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:13:49 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "CA.PL 1" +.TH CA.PL 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +\&\s-1CA\s0.pl \- friendlier interface for OpenSSL certificate programs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fB\s-1CA\s0.pl\fR +[\fB\-?\fR] +[\fB\-h\fR] +[\fB\-help\fR] +[\fB\-newcert\fR] +[\fB\-newreq\fR] +[\fB\-newca\fR] +[\fB\-xsign\fR] +[\fB\-sign\fR] +[\fB\-signreq\fR] +[\fB\-signcert\fR] +[\fB\-verify\fR] +[\fBfiles\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1CA\s0.pl\fR script is a perl script that supplies the relevant command line +arguments to the \fBopenssl\fR command for some common certificate operations. +It is intended to simplify the process of certificate creation and management +by the use of some simple options. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.Ip "\fB?\fR, \fB\-h\fR, \fB\-help\fR" 4 +.IX Item "?, -h, -help" +prints a usage message. +.Ip "\fB\-newcert\fR" 4 +.IX Item "-newcert" +creates a new self signed certificate. The private key and certificate are +written to the file \*(L"newreq.pem\*(R". +.Ip "\fB\-newreq\fR" 4 +.IX Item "-newreq" +creates a new certificate request. The private key and request are +written to the file \*(L"newreq.pem\*(R". +.Ip "\fB\-newca\fR" 4 +.IX Item "-newca" +creates a new \s-1CA\s0 hierarchy for use with the \fBca\fR program (or the \fB\-signcert\fR +and \fB\-xsign\fR options). The user is prompted to enter the filename of the \s-1CA\s0 +certificates (which should also contain the private key) or by hitting \s-1ENTER\s0 +details of the \s-1CA\s0 will be prompted for. The relevant files and directories +are created in a directory called \*(L"demoCA\*(R" in the current directory. +.Ip "\fB\-pkcs12\fR" 4 +.IX Item "-pkcs12" +create a PKCS#12 file containing the user certificate, private key and \s-1CA\s0 +certificate. It expects the user certificate and private key to be in the +file \*(L"newcert.pem\*(R" and the \s-1CA\s0 certificate to be in the file demoCA/cacert.pem, +it creates a file \*(L"newcert.p12\*(R". This command can thus be called after the +\&\fB\-sign\fR option. The PKCS#12 file can be imported directly into a browser. +If there is an additional argument on the command line it will be used as the +\&\*(L"friendly name\*(R" for the certificate (which is typically displayed in the browser +list box), otherwise the name \*(L"My Certificate\*(R" is used. +.Ip "\fB\-sign\fR, \fB\-signreq\fR, \fB\-xsign\fR" 4 +.IX Item "-sign, -signreq, -xsign" +calls the \fBca\fR program to sign a certificate request. It expects the request +to be in the file \*(L"newreq.pem\*(R". The new certificate is written to the file +\&\*(L"newcert.pem\*(R" except in the case of the \fB\-xsign\fR option when it is written +to standard output. +.Ip "\fB\-signCA\fR" 4 +.IX Item "-signCA" +this option is the same as the \fB\-signreq\fR option except it uses the configuration +file section \fBv3_ca\fR and so makes the signed request a valid \s-1CA\s0 certificate. This +is useful when creating intermediate \s-1CA\s0 from a root \s-1CA\s0. +.Ip "\fB\-signcert\fR" 4 +.IX Item "-signcert" +this option is the same as \fB\-sign\fR except it expects a self signed certificate +to be present in the file \*(L"newreq.pem\*(R". +.Ip "\fB\-verify\fR" 4 +.IX Item "-verify" +verifies certificates against the \s-1CA\s0 certificate for \*(L"demoCA\*(R". If no certificates +are specified on the command line it tries to verify the file \*(L"newcert.pem\*(R". +.Ip "\fBfiles\fR" 4 +.IX Item "files" +one or more optional certificate file names for use with the \fB\-verify\fR command. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a \s-1CA\s0 hierarchy: +.PP +.Vb 1 +\& CA.pl -newca +.Ve +Complete certificate creation example: create a \s-1CA\s0, create a request, sign +the request and finally create a PKCS#12 file containing it. +.PP +.Vb 4 +\& CA.pl -newca +\& CA.pl -newreq +\& CA.pl -signreq +\& CA.pl -pkcs12 "My Test Certificate" +.Ve +.SH "DSA CERTIFICATES" +.IX Header "DSA CERTIFICATES" +Although the \fB\s-1CA\s0.pl\fR creates \s-1RSA\s0 CAs and requests it is still possible to +use it with \s-1DSA\s0 certificates and requests using the req(1) command +directly. The following example shows the steps that would typically be taken. +.PP +Create some \s-1DSA\s0 parameters: +.PP +.Vb 1 +\& openssl dsaparam -out dsap.pem 1024 +.Ve +Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key: +.PP +.Vb 1 +\& openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem +.Ve +Create the \s-1CA\s0 directories and files: +.PP +.Vb 1 +\& CA.pl -newca +.Ve +enter cacert.pem when prompted for the \s-1CA\s0 file name. +.PP +Create a \s-1DSA\s0 certificate request and private key (a different set of parameters +can optionally be created first): +.PP +.Vb 1 +\& openssl req -out newreq.pem -newkey dsa:dsap.pem +.Ve +Sign the request: +.PP +.Vb 1 +\& CA.pl -signreq +.Ve +.SH "NOTES" +.IX Header "NOTES" +Most of the filenames mentioned can be modified by editing the \fB\s-1CA\s0.pl\fR script. +.PP +If the demoCA directory already exists then the \fB\-newca\fR command will not +overwrite it and will do nothing. This can happen if a previous call using +the \fB\-newca\fR option terminated abnormally. To get the correct behaviour +delete the demoCA directory if it already exists. +.PP +Under some environments it may not be possible to run the \fB\s-1CA\s0.pl\fR script +directly (for example Win32) and the default configuration file location may +be wrong. In this case the command: +.PP +.Vb 1 +\& perl -S CA.pl +.Ve +can be used and the \fB\s-1OPENSSL_CONF\s0\fR environment variable changed to point to +the correct path of the configuration file \*(L"openssl.cnf\*(R". +.PP +The script is intended as a simple front end for the \fBopenssl\fR program for use +by a beginner. Its behaviour isn't always what is wanted. For more control over the +behaviour of the certificate commands call the \fBopenssl\fR command directly. +.SH "ENVIRONMENT VARIABLES" +.IX Header "ENVIRONMENT VARIABLES" +The variable \fB\s-1OPENSSL_CONF\s0\fR if defined allows an alternative configuration +file location to be specified, it should contain the full path to the +configuration file, not just its directory. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +x509(1), ca(1), req(1), pkcs12(1), +config(5) diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 new file mode 100644 index 0000000..a78040a --- /dev/null +++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:50 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "CRYPTO_SET_EX_DATA 1" +.TH CRYPTO_SET_EX_DATA 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg); +.Ve +.Vb 1 +\& void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several OpenSSL structures can have application specific data attached to them. +These functions are used internally by OpenSSL to manipulate application +specific data attached to a specific structure. +.PP +These functions should only be used by applications to manipulate +\&\fB\s-1CRYPTO_EX_DATA\s0\fR structures passed to the \fB\f(BInew_func()\fB\fR, \fB\f(BIfree_func()\fB\fR and +\&\fB\f(BIdup_func()\fB\fR callbacks: as passed to \fB\f(BIRSA_get_ex_new_index()\fB\fR for example. +.PP +\&\fB\f(BICRYPTO_set_ex_data()\fB\fR is used to set application specific data, the data is +supplied in the \fBarg\fR parameter and its precise meaning is up to the +application. +.PP +\&\fB\f(BICRYPTO_get_ex_data()\fB\fR is used to retrieve application specific data. The data +is returned to the application, this will be the same value as supplied to +a previous \fB\f(BICRYPTO_set_ex_data()\fB\fR call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fB\f(BICRYPTO_set_ex_data()\fB\fR returns 1 on success or 0 on failure. +.PP +\&\fB\f(BICRYPTO_get_ex_data()\fB\fR returns the application data or 0 on failure. 0 may also +be valid application data but currently it can only fail if given an invalid \fBidx\fR +parameter. +.PP +On failure an error code can be obtained from ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +RSA_get_ex_new_index(3), +DSA_get_ex_new_index(3), +DH_get_ex_new_index(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fICRYPTO_set_ex_data()\fR and \fICRYPTO_get_ex_data()\fR have been available since SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 new file mode 100644 index 0000000..c57d83c --- /dev/null +++ b/secure/lib/libcrypto/man/DH_generate_key.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:52 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DH_GENERATE_KEY 1" +.TH DH_GENERATE_KEY 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DH_generate_key, DH_compute_key \- perform Diffie-Hellman key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dh.h> +.Ve +.Vb 1 +\& int DH_generate_key(DH *dh); +.Ve +.Vb 1 +\& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDH_generate_key()\fR performs the first step of a Diffie-Hellman key +exchange by generating private and public \s-1DH\s0 values. By calling +\&\fIDH_compute_key()\fR, these are combined with the other party's public +value to compute the shared key. +.PP +\&\fIDH_generate_key()\fR expects \fBdh\fR to contain the shared parameters +\&\fBdh->p\fR and \fBdh->g\fR. It generates a random private \s-1DH\s0 value +unless \fBdh->priv_key\fR is already set, and computes the +corresponding public value \fBdh->pub_key\fR, which can then be +published. +.PP +\&\fIDH_compute_key()\fR computes the shared secret from the private \s-1DH\s0 value +in \fBdh\fR and the other party's public value in \fBpub_key\fR and stores +it in \fBkey\fR. \fBkey\fR must point to \fBDH_size(dh)\fR bytes of memory. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_generate_key()\fR returns 1 on success, 0 otherwise. +.PP +\&\fIDH_compute_key()\fR returns the size of the shared secret on success, \-1 +on error. +.PP +The error codes can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dh(3), err(3), rand(3), DH_size(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDH_generate_key()\fR and \fIDH_compute_key()\fR are available in all versions +of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 new file mode 100644 index 0000000..48d695b --- /dev/null +++ b/secure/lib/libcrypto/man/DH_generate_parameters.3 @@ -0,0 +1,206 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:54 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DH_GENERATE_PARAMETERS 1" +.TH DH_GENERATE_PARAMETERS 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DH_generate_parameters, DH_check \- generate and check Diffie-Hellman parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dh.h> +.Ve +.Vb 2 +\& DH *DH_generate_parameters(int prime_len, int generator, +\& void (*callback)(int, int, void *), void *cb_arg); +.Ve +.Vb 1 +\& int DH_check(DH *dh, int *codes); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDH_generate_parameters()\fR generates Diffie-Hellman parameters that can +be shared among a group of users, and returns them in a newly +allocated \fB\s-1DH\s0\fR structure. The pseudo-random number generator must be +seeded prior to calling \fIDH_generate_parameters()\fR. +.PP +\&\fBprime_len\fR is the length in bits of the safe prime to be generated. +\&\fBgenerator\fR is a small number > 1, typically 2 or 5. +.PP +A callback function may be used to provide feedback about the progress +of the key generation. If \fBcallback\fR is not \fB\s-1NULL\s0\fR, it will be +called as described in BN_generate_prime(3) while a random prime +number is generated, and when a prime has been found, \fBcallback(3, +0, cb_arg)\fR is called. +.PP +\&\fIDH_check()\fR validates Diffie-Hellman parameters. It checks that \fBp\fR is +a safe prime, and that \fBg\fR is a suitable generator. In the case of an +error, the bit flags \s-1DH_CHECK_P_NOT_SAFE_PRIME\s0 or +\&\s-1DH_NOT_SUITABLE_GENERATOR\s0 are set in \fB*codes\fR. +\&\s-1DH_UNABLE_TO_CHECK_GENERATOR\s0 is set if the generator cannot be +checked, i.e. it does not equal 2 or 5. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_generate_parameters()\fR returns a pointer to the \s-1DH\s0 structure, or +\&\s-1NULL\s0 if the parameter generation fails. The error codes can be +obtained by ERR_get_error(3). +.PP +\&\fIDH_check()\fR returns 1 if the check could be performed, 0 otherwise. +.SH "NOTES" +.IX Header "NOTES" +\&\fIDH_generate_parameters()\fR may run for several hours before finding a +suitable prime. +.PP +The parameters generated by \fIDH_generate_parameters()\fR are not to be +used in signature schemes. +.SH "BUGS" +.IX Header "BUGS" +If \fBgenerator\fR is not 2 or 5, \fBdh->g\fR=\fBgenerator\fR is not +a usable generator. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dh(3), err(3), rand(3), DH_free(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDH_check()\fR is available in all versions of SSLeay and OpenSSL. +The \fBcb_arg\fR argument to \fIDH_generate_parameters()\fR was added in SSLeay 0.9.0. +.PP +In versions before OpenSSL 0.9.5, \s-1DH_CHECK_P_NOT_STRONG_PRIME\s0 is used +instead of \s-1DH_CHECK_P_NOT_SAFE_PRIME\s0. diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 new file mode 100644 index 0000000..ea90db6 --- /dev/null +++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:57 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DH_GET_EX_NEW_INDEX 1" +.TH DH_GET_EX_NEW_INDEX 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to \s-1DH\s0 structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dh.h> +.Ve +.Vb 4 +\& int DH_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +.Ve +.Vb 1 +\& int DH_set_ex_data(DH *d, int idx, void *arg); +.Ve +.Vb 1 +\& char *DH_get_ex_data(DH *d, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions handle application specific data in \s-1DH\s0 +structures. Their usage is identical to that of +\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR +as described in \fIRSA_get_ex_new_index\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +RSA_get_ex_new_index(), dh(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDH_get_ex_new_index()\fR, \fIDH_set_ex_data()\fR and \fIDH_get_ex_data()\fR are +available since OpenSSL 0.9.5. diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 new file mode 100644 index 0000000..af473ee --- /dev/null +++ b/secure/lib/libcrypto/man/DH_new.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:16:59 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DH_NEW 1" +.TH DH_NEW 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DH_new, DH_free \- allocate and free \s-1DH\s0 objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dh.h> +.Ve +.Vb 1 +\& DH* DH_new(void); +.Ve +.Vb 1 +\& void DH_free(DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDH_new()\fR allocates and initializes a \fB\s-1DH\s0\fR structure. +.PP +\&\fIDH_free()\fR frees the \fB\s-1DH\s0\fR structure and its components. The values are +erased before the memory is returned to the system. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIDH_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by ERR_get_error(3). Otherwise it returns +a pointer to the newly allocated structure. +.PP +\&\fIDH_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dh(3), err(3), +DH_generate_parameters(3), +DH_generate_key(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDH_new()\fR and \fIDH_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 new file mode 100644 index 0000000..8066c77 --- /dev/null +++ b/secure/lib/libcrypto/man/DH_set_method.3 @@ -0,0 +1,244 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:01 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DH_SET_METHOD 1" +.TH DH_SET_METHOD 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DH_set_default_method, DH_get_default_method, DH_set_method, +DH_new_method, DH_OpenSSL \- select \s-1DH\s0 method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dh.h> +.Ve +.Vb 1 +\& void DH_set_default_method(DH_METHOD *meth); +.Ve +.Vb 1 +\& DH_METHOD *DH_get_default_method(void); +.Ve +.Vb 1 +\& DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); +.Ve +.Vb 1 +\& DH *DH_new_method(DH_METHOD *meth); +.Ve +.Vb 1 +\& DH_METHOD *DH_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1DH_METHOD\s0\fR specifies the functions that OpenSSL uses for Diffie-Hellman +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. +.PP +Initially, the default is to use the OpenSSL internal implementation. +\&\fIDH_OpenSSL()\fR returns a pointer to that method. +.PP +\&\fIDH_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1DH\s0\fR +structures created later. +.PP +\&\fIDH_get_default_method()\fR returns a pointer to the current default +method. +.PP +\&\fIDH_set_method()\fR selects \fBmeth\fR for all operations using the structure \fBdh\fR. +.PP +\&\fIDH_new_method()\fR allocates and initializes a \fB\s-1DH\s0\fR structure so that +\&\fBmethod\fR will be used for the \s-1DH\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, +the default method is used. +.SH "THE DH_METHOD STRUCTURE" +.IX Header "THE DH_METHOD STRUCTURE" +.Vb 4 +\& typedef struct dh_meth_st +\& { +\& /* name of the implementation */ +\& const char *name; +.Ve +.Vb 2 +\& /* generate private and public DH values for key agreement */ +\& int (*generate_key)(DH *dh); +.Ve +.Vb 2 +\& /* compute shared secret */ +\& int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh); +.Ve +.Vb 4 +\& /* compute r = a ^ p mod m (May be NULL for some implementations) */ +\& int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, +\& BN_MONT_CTX *m_ctx); +.Ve +.Vb 2 +\& /* called at DH_new */ +\& int (*init)(DH *dh); +.Ve +.Vb 2 +\& /* called at DH_free */ +\& int (*finish)(DH *dh); +.Ve +.Vb 1 +\& int flags; +.Ve +.Vb 1 +\& char *app_data; /* ?? */ +.Ve +.Vb 1 +\& } DH_METHOD; +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDH_OpenSSL()\fR and \fIDH_get_default_method()\fR return pointers to the respective +\&\fB\s-1DH_METHOD\s0\fRs. +.PP +\&\fIDH_set_default_method()\fR returns no value. +.PP +\&\fIDH_set_method()\fR returns a pointer to the \fB\s-1DH_METHOD\s0\fR previously +associated with \fBdh\fR. +.PP +\&\fIDH_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be +obtained by ERR_get_error(3) if the allocation fails. Otherwise it +returns a pointer to the newly allocated structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dh(3), DH_new(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDH_set_default_method()\fR, \fIDH_get_default_method()\fR, \fIDH_set_method()\fR, +\&\fIDH_new_method()\fR and \fIDH_OpenSSL()\fR were added in OpenSSL 0.9.4. diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 new file mode 100644 index 0000000..ef65019 --- /dev/null +++ b/secure/lib/libcrypto/man/DH_size.3 @@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:03 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DH_SIZE 1" +.TH DH_SIZE 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DH_size \- get Diffie-Hellman prime size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dh.h> +.Ve +.Vb 1 +\& int DH_size(DH *dh); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function returns the Diffie-Hellman size in bytes. It can be used +to determine how much memory must be allocated for the shared secret +computed by \fIDH_compute_key()\fR. +.PP +\&\fBdh->p\fR must not be \fB\s-1NULL\s0\fR. +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +The size in bytes. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dh(3), DH_generate_key(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDH_size()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 new file mode 100644 index 0000000..654ce11 --- /dev/null +++ b/secure/lib/libcrypto/man/DSA_SIG_new.3 @@ -0,0 +1,175 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:05 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DSA_SIG_NEW 1" +.TH DSA_SIG_NEW 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DSA_SIG_new, DSA_SIG_free \- allocate and free \s-1DSA\s0 signature objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 1 +\& DSA_SIG *DSA_SIG_new(void); +.Ve +.Vb 1 +\& void DSA_SIG_free(DSA_SIG *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_SIG_new()\fR allocates and initializes a \fB\s-1DSA_SIG\s0\fR structure. +.PP +\&\fIDSA_SIG_free()\fR frees the \fB\s-1DSA_SIG\s0\fR structure and its components. The +values are erased before the memory is returned to the system. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIDSA_SIG_new()\fR returns \fB\s-1NULL\s0\fR and sets an +error code that can be obtained by +ERR_get_error(3). Otherwise it returns a pointer +to the newly allocated structure. +.PP +\&\fIDSA_SIG_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dsa(3), err(3), DSA_do_sign(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDSA_SIG_new()\fR and \fIDSA_SIG_free()\fR were added in OpenSSL 0.9.3. diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 new file mode 100644 index 0000000..3c1f4d5 --- /dev/null +++ b/secure/lib/libcrypto/man/DSA_do_sign.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:07 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DSA_DO_SIGN 1" +.TH DSA_DO_SIGN 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DSA_do_sign, DSA_do_verify \- raw \s-1DSA\s0 signature operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 1 +\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +.Ve +.Vb 2 +\& int DSA_do_verify(const unsigned char *dgst, int dgst_len, +\& DSA_SIG *sig, DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_do_sign()\fR computes a digital signature on the \fBlen\fR byte message +digest \fBdgst\fR using the private key \fBdsa\fR and returns it in a +newly allocated \fB\s-1DSA_SIG\s0\fR structure. +.PP +DSA_sign_setup(3) may be used to precompute part +of the signing operation in case signature generation is +time-critical. +.PP +\&\fIDSA_do_verify()\fR verifies that the signature \fBsig\fR matches a given +message digest \fBdgst\fR of size \fBlen\fR. \fBdsa\fR is the signer's public +key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_do_sign()\fR returns the signature, \s-1NULL\s0 on error. \fIDSA_do_verify()\fR +returns 1 for a valid signature, 0 for an incorrect signature and \-1 +on error. The error codes can be obtained by +ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dsa(3), err(3), rand(3), +DSA_SIG_new(3), +DSA_sign(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDSA_do_sign()\fR and \fIDSA_do_verify()\fR were added in OpenSSL 0.9.3. diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 new file mode 100644 index 0000000..0725178 --- /dev/null +++ b/secure/lib/libcrypto/man/DSA_dup_DH.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:10 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DSA_DUP_DH 1" +.TH DSA_DUP_DH 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 1 +\& DH * DSA_dup_DH(DSA *r); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_dup_DH()\fR duplicates \s-1DSA\s0 parameters/keys as \s-1DH\s0 parameters/keys. q +is lost during that conversion, but the resulting \s-1DH\s0 parameters +contain its length. +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +\&\fIDSA_dup_DH()\fR returns the new \fB\s-1DH\s0\fR structure, and \s-1NULL\s0 on error. The +error codes can be obtained by ERR_get_error(3). +.SH "NOTE" +.IX Header "NOTE" +Be careful to avoid small subgroup attacks when using this. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dh(3), dsa(3), err(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDSA_dup_DH()\fR was added in OpenSSL 0.9.4. diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 new file mode 100644 index 0000000..5f9bc44 --- /dev/null +++ b/secure/lib/libcrypto/man/DSA_generate_key.3 @@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:12 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DSA_GENERATE_KEY 1" +.TH DSA_GENERATE_KEY 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DSA_generate_key \- generate \s-1DSA\s0 key pair +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 1 +\& int DSA_generate_key(DSA *a); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_generate_key()\fR expects \fBa\fR to contain \s-1DSA\s0 parameters. It generates +a new key pair and stores it in \fBa->pub_key\fR and \fBa->priv_key\fR. +.PP +The \s-1PRNG\s0 must be seeded prior to calling \fIDSA_generate_key()\fR. +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +\&\fIDSA_generate_key()\fR returns 1 on success, 0 otherwise. +The error codes can be obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dsa(3), err(3), rand(3), DSA_generate_parameters(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDSA_generate_key()\fR is available since SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 new file mode 100644 index 0000000..288c5e2 --- /dev/null +++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:14 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DSA_GENERATE_PARAMETERS 1" +.TH DSA_GENERATE_PARAMETERS 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DSA_generate_parameters \- generate \s-1DSA\s0 parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 3 +\& DSA *DSA_generate_parameters(int bits, unsigned char *seed, +\& int seed_len, int *counter_ret, unsigned long *h_ret, +\& void (*callback)(int, int, void *), void *cb_arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_generate_parameters()\fR generates primes p and q and a generator g +for use in the \s-1DSA\s0. +.PP +\&\fBbits\fR is the length of the prime to be generated; the \s-1DSS\s0 allows a +maximum of 1024 bits. +.PP +If \fBseed\fR is \fB\s-1NULL\s0\fR or \fBseed_len\fR < 20, the primes will be +generated at random. Otherwise, the seed is used to generate +them. If the given seed does not yield a prime q, a new random +seed is chosen and placed at \fBseed\fR. +.PP +\&\fIDSA_generate_parameters()\fR places the iteration count in +*\fBcounter_ret\fR and a counter used for finding a generator in +*\fBh_ret\fR, unless these are \fB\s-1NULL\s0\fR. +.PP +A callback function may be used to provide feedback about the progress +of the key generation. If \fBcallback\fR is not \fB\s-1NULL\s0\fR, it will be +called as follows: +.Ip "\(bu" 4 +When a candidate for q is generated, \fBcallback(0, m++, cb_arg)\fR is called +(m is 0 for the first candidate). +.Ip "\(bu" 4 +When a candidate for q has passed a test by trial division, +\&\fBcallback(1, \-1, cb_arg)\fR is called. +While a candidate for q is tested by Miller-Rabin primality tests, +\&\fBcallback(1, i, cb_arg)\fR is called in the outer loop +(once for each witness that confirms that the candidate may be prime); +i is the loop counter (starting at 0). +.Ip "\(bu" 4 +When a prime q has been found, \fBcallback(2, 0, cb_arg)\fR and +\&\fBcallback(3, 0, cb_arg)\fR are called. +.Ip "\(bu" 4 +Before a candidate for p (other than the first) is generated and tested, +\&\fBcallback(0, counter, cb_arg)\fR is called. +.Ip "\(bu" 4 +When a candidate for p has passed the test by trial division, +\&\fBcallback(1, \-1, cb_arg)\fR is called. +While it is tested by the Miller-Rabin primality test, +\&\fBcallback(1, i, cb_arg)\fR is called in the outer loop +(once for each witness that confirms that the candidate may be prime). +i is the loop counter (starting at 0). +.Ip "\(bu" 4 +When p has been found, \fBcallback(2, 1, cb_arg)\fR is called. +.Ip "\(bu" 4 +When the generator has been found, \fBcallback(3, 1, cb_arg)\fR is called. +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +\&\fIDSA_generate_parameters()\fR returns a pointer to the \s-1DSA\s0 structure, or +\&\fB\s-1NULL\s0\fR if the parameter generation fails. The error codes can be +obtained by ERR_get_error(3). +.SH "BUGS" +.IX Header "BUGS" +Seed lengths > 20 are not supported. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dsa(3), err(3), rand(3), +DSA_free(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDSA_generate_parameters()\fR appeared in SSLeay 0.8. The \fBcb_arg\fR +argument was added in SSLeay 0.9.0. +In versions up to OpenSSL 0.9.4, \fBcallback(1, ...)\fR was called +in the inner loop of the Miller-Rabin test whenever it reached the +squaring step (the parameters to \fBcallback\fR did not reveal how many +witnesses had been tested); since OpenSSL 0.9.5, \fBcallback(1, ...)\fR +is called as in \fIBN_is_prime\fR\|(3), i.e. once for each witness. +=cut diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 new file mode 100644 index 0000000..7ed1279 --- /dev/null +++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:16 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DSA_GET_EX_NEW_INDEX 1" +.TH DSA_GET_EX_NEW_INDEX 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to \s-1DSA\s0 structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/DSA.h> +.Ve +.Vb 4 +\& int DSA_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +.Ve +.Vb 1 +\& int DSA_set_ex_data(DSA *d, int idx, void *arg); +.Ve +.Vb 1 +\& char *DSA_get_ex_data(DSA *d, int idx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions handle application specific data in \s-1DSA\s0 +structures. Their usage is identical to that of +\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR +as described in \fIRSA_get_ex_new_index\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +RSA_get_ex_new_index(3), dsa(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDSA_get_ex_new_index()\fR, \fIDSA_set_ex_data()\fR and \fIDSA_get_ex_data()\fR are +available since OpenSSL 0.9.5. diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 new file mode 100644 index 0000000..33fc6b8 --- /dev/null +++ b/secure/lib/libcrypto/man/DSA_new.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:18 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DSA_NEW 1" +.TH DSA_NEW 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 1 +\& DSA* DSA_new(void); +.Ve +.Vb 1 +\& void DSA_free(DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_new()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure. +.PP +\&\fIDSA_free()\fR frees the \fB\s-1DSA\s0\fR structure and its components. The values are +erased before the memory is returned to the system. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIDSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by +ERR_get_error(3). Otherwise it returns a pointer +to the newly allocated structure. +.PP +\&\fIDSA_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dsa(3), err(3), +DSA_generate_parameters(3), +DSA_generate_key(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDSA_new()\fR and \fIDSA_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 new file mode 100644 index 0000000..f3e095b --- /dev/null +++ b/secure/lib/libcrypto/man/DSA_set_method.3 @@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:21 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DSA_SET_METHOD 1" +.TH DSA_SET_METHOD 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DSA_set_default_method, DSA_get_default_method, DSA_set_method, +DSA_new_method, DSA_OpenSSL \- select \s-1DSA\s0 method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 1 +\& void DSA_set_default_method(DSA_METHOD *meth); +.Ve +.Vb 1 +\& DSA_METHOD *DSA_get_default_method(void); +.Ve +.Vb 1 +\& DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); +.Ve +.Vb 1 +\& DSA *DSA_new_method(DSA_METHOD *meth); +.Ve +.Vb 1 +\& DSA_METHOD *DSA_OpenSSL(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1DSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1DSA\s0 +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. +.PP +Initially, the default is to use the OpenSSL internal implementation. +\&\fIDSA_OpenSSL()\fR returns a pointer to that method. +.PP +\&\fIDSA_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1DSA\s0\fR +structures created later. +.PP +\&\fIDSA_get_default_method()\fR returns a pointer to the current default +method. +.PP +\&\fIDSA_set_method()\fR selects \fBmeth\fR for all operations using the structure \fBdsa\fR. +.PP +\&\fIDSA_new_method()\fR allocates and initializes a \fB\s-1DSA\s0\fR structure so that +\&\fBmethod\fR will be used for the \s-1DSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, +the default method is used. +.SH "THE DSA_METHOD STRUCTURE" +.IX Header "THE DSA_METHOD STRUCTURE" +struct + { + /* name of the implementation */ + const char *name; +.PP +.Vb 3 +\& /* sign */ +\& DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen, +\& DSA *dsa); +.Ve +.Vb 3 +\& /* pre-compute k^-1 and r */ +\& int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, +\& BIGNUM **rp); +.Ve +.Vb 3 +\& /* verify */ +\& int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, +\& DSA_SIG *sig, DSA *dsa); +.Ve +.Vb 5 +\& /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some +\& implementations) */ +\& int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, +\& BIGNUM *a2, BIGNUM *p2, BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *in_mont); +.Ve +.Vb 4 +\& /* compute r = a ^ p mod m (May be NULL for some implementations) */ +\& int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, +\& const BIGNUM *p, const BIGNUM *m, +\& BN_CTX *ctx, BN_MONT_CTX *m_ctx); +.Ve +.Vb 2 +\& /* called at DSA_new */ +\& int (*init)(DSA *DSA); +.Ve +.Vb 2 +\& /* called at DSA_free */ +\& int (*finish)(DSA *DSA); +.Ve +.Vb 1 +\& int flags; +.Ve +.Vb 1 +\& char *app_data; /* ?? */ +.Ve +.Vb 1 +\& } DSA_METHOD; +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_OpenSSL()\fR and \fIDSA_get_default_method()\fR return pointers to the +respective \fB\s-1DSA_METHOD\s0\fRs. +.PP +\&\fIDSA_set_default_method()\fR returns no value. +.PP +\&\fIDSA_set_method()\fR returns a pointer to the \fB\s-1DSA_METHOD\s0\fR previously +associated with \fBdsa\fR. +.PP +\&\fIDSA_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be +obtained by ERR_get_error(3) if the allocation +fails. Otherwise it returns a pointer to the newly allocated +structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dsa(3), DSA_new(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDSA_set_default_method()\fR, \fIDSA_get_default_method()\fR, \fIDSA_set_method()\fR, +\&\fIDSA_new_method()\fR and \fIDSA_OpenSSL()\fR were added in OpenSSL 0.9.4. diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 new file mode 100644 index 0000000..98136e9 --- /dev/null +++ b/secure/lib/libcrypto/man/DSA_sign.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:23 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DSA_SIGN 1" +.TH DSA_SIGN 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DSA_sign, DSA_sign_setup, DSA_verify \- \s-1DSA\s0 signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 2 +\& int DSA_sign(int type, const unsigned char *dgst, int len, +\& unsigned char *sigret, unsigned int *siglen, DSA *dsa); +.Ve +.Vb 2 +\& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, +\& BIGNUM **rp); +.Ve +.Vb 2 +\& int DSA_verify(int type, const unsigned char *dgst, int len, +\& unsigned char *sigbuf, int siglen, DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIDSA_sign()\fR computes a digital signature on the \fBlen\fR byte message +digest \fBdgst\fR using the private key \fBdsa\fR and places its \s-1ASN\s0.1 \s-1DER\s0 +encoding at \fBsigret\fR. The length of the signature is places in +*\fBsiglen\fR. \fBsigret\fR must point to DSA_size(\fBdsa\fR) bytes of memory. +.PP +\&\fIDSA_sign_setup()\fR may be used to precompute part of the signing +operation in case signature generation is time-critical. It expects +\&\fBdsa\fR to contain \s-1DSA\s0 parameters. It places the precomputed values +in newly allocated \fB\s-1BIGNUM\s0\fRs at *\fBkinvp\fR and *\fBrp\fR, after freeing +the old ones unless *\fBkinvp\fR and *\fBrp\fR are \s-1NULL\s0. These values may +be passed to \fIDSA_sign()\fR in \fBdsa->kinv\fR and \fBdsa->r\fR. +\&\fBctx\fR is a pre-allocated \fB\s-1BN_CTX\s0\fR or \s-1NULL\s0. +.PP +\&\fIDSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +matches a given message digest \fBdgst\fR of size \fBlen\fR. +\&\fBdsa\fR is the signer's public key. +.PP +The \fBtype\fR parameter is ignored. +.PP +The \s-1PRNG\s0 must be seeded before \fIDSA_sign()\fR (or \fIDSA_sign_setup()\fR) +is called. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIDSA_sign()\fR and \fIDSA_sign_setup()\fR return 1 on success, 0 on error. +\&\fIDSA_verify()\fR returns 1 for a valid signature, 0 for an incorrect +signature and \-1 on error. The error codes can be obtained by +ERR_get_error(3). +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature +Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dsa(3), err(3), rand(3), +DSA_do_sign(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDSA_sign()\fR and \fIDSA_verify()\fR are available in all versions of SSLeay. +\&\fIDSA_sign_setup()\fR was added in SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 new file mode 100644 index 0000000..ca605f2 --- /dev/null +++ b/secure/lib/libcrypto/man/DSA_size.3 @@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:25 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DSA_SIZE 1" +.TH DSA_SIZE 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +DSA_size \- get \s-1DSA\s0 signature size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 1 +\& int DSA_size(DSA *dsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function returns the size of an \s-1ASN\s0.1 encoded \s-1DSA\s0 signature in +bytes. It can be used to determine how much memory must be allocated +for a \s-1DSA\s0 signature. +.PP +\&\fBdsa->q\fR must not be \fB\s-1NULL\s0\fR. +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +The size in bytes. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dsa(3), DSA_sign(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIDSA_size()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 new file mode 100644 index 0000000..febbf12 --- /dev/null +++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:27 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ERR_GET_LIB 1" +.TH ERR_GET_LIB 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +\&\s-1ERR_GET_LIB\s0, \s-1ERR_GET_FUNC\s0, \s-1ERR_GET_REASON\s0 \- get library, function and +reason code +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/err.h> +.Ve +.Vb 1 +\& int ERR_GET_LIB(unsigned long e); +.Ve +.Vb 1 +\& int ERR_GET_FUNC(unsigned long e); +.Ve +.Vb 1 +\& int ERR_GET_REASON(unsigned long e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The error code returned by \fIERR_get_error()\fR consists of a library +number, function code and reason code. \fIERR_GET_LIB()\fR, \fIERR_GET_FUNC()\fR +and \fIERR_GET_REASON()\fR can be used to extract these. +.PP +The library number and function code describe where the error +occurred, the reason code is the information about what went wrong. +.PP +Each sub-library of OpenSSL has a unique library number; function and +reason codes are unique within each sub-library. Note that different +libraries may use the same value to signal different functions and +reasons. +.PP +\&\fB\s-1ERR_R_\s0...\fR reason codes such as \fB\s-1ERR_R_MALLOC_FAILURE\s0\fR are globally +unique. However, when checking for sub-library specific reason codes, +be sure to also compare the library number. +.PP +\&\fIERR_GET_LIB()\fR, \fIERR_GET_FUNC()\fR and \fIERR_GET_REASON()\fR are macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The library number, function code and reason code respectively. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_GET_LIB()\fR, \fIERR_GET_FUNC()\fR and \fIERR_GET_REASON()\fR are available in +all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 new file mode 100644 index 0000000..9b579b0 --- /dev/null +++ b/secure/lib/libcrypto/man/ERR_clear_error.3 @@ -0,0 +1,164 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:30 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ERR_CLEAR_ERROR 1" +.TH ERR_CLEAR_ERROR 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +ERR_clear_error \- clear the error queue +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/err.h> +.Ve +.Vb 1 +\& void ERR_clear_error(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_clear_error()\fR empties the current thread's error queue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_clear_error()\fR has no return value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), ERR_get_error(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_clear_error()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 new file mode 100644 index 0000000..acbdc15 --- /dev/null +++ b/secure/lib/libcrypto/man/ERR_error_string.3 @@ -0,0 +1,210 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:32 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ERR_ERROR_STRING 1" +.TH ERR_ERROR_STRING 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +ERR_error_string, ERR_error_string_n, ERR_lib_error_string, +ERR_func_error_string, ERR_reason_error_string \- obtain human-readable +error message +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/err.h> +.Ve +.Vb 2 +\& char *ERR_error_string(unsigned long e, char *buf); +\& char *ERR_error_string_n(unsigned long e, char *buf, size_t len); +.Ve +.Vb 3 +\& const char *ERR_lib_error_string(unsigned long e); +\& const char *ERR_func_error_string(unsigned long e); +\& const char *ERR_reason_error_string(unsigned long e); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_error_string()\fR generates a human-readable string representing the +error code \fIe\fR, and places it at \fIbuf\fR. \fIbuf\fR must be at least 120 +bytes long. If \fIbuf\fR is \fB\s-1NULL\s0\fR, the error string is placed in a +static buffer. +\&\fIERR_error_string_n()\fR is a variant of \fIERR_error_string()\fR that writes +at most \fIlen\fR characters (including the terminating 0) +and truncates the string if necessary. +For \fIERR_error_string_n()\fR, \fIbuf\fR may not be \fB\s-1NULL\s0\fR. +.PP +The string will have the following format: +.PP +.Vb 1 +\& error:[error code]:[library name]:[function name]:[reason string] +.Ve +\&\fIerror code\fR is an 8 digit hexadecimal number, \fIlibrary name\fR, +\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text. +.PP +\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and +\&\fIERR_reason_error_string()\fR return the library name, function +name and reason string respectively. +.PP +The OpenSSL error strings should be loaded by calling +ERR_load_crypto_strings(3) or, for \s-1SSL\s0 +applications, SSL_load_error_strings(3) +first. +If there is no text string registered for the given error code, +the error string will contain the numeric code. +.PP +ERR_print_errors(3) can be used to print +all error codes currently in the queue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_error_string()\fR returns a pointer to a static buffer containing the +string if \fIbuf\fR \fB== \s-1NULL\s0\fR, \fIbuf\fR otherwise. +.PP +\&\fIERR_lib_error_string()\fR, \fIERR_func_error_string()\fR and +\&\fIERR_reason_error_string()\fR return the strings, and \fB\s-1NULL\s0\fR if +none is registered for the error code. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), ERR_get_error(3), +ERR_load_crypto_strings(3), +SSL_load_error_strings(3) +ERR_print_errors(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_error_string()\fR is available in all versions of SSLeay and OpenSSL. +\&\fIERR_error_string_n()\fR was added in OpenSSL 0.9.6. diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 new file mode 100644 index 0000000..425cb68 --- /dev/null +++ b/secure/lib/libcrypto/man/ERR_get_error.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:34 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ERR_GET_ERROR 1" +.TH ERR_GET_ERROR 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +ERR_get_error, ERR_peek_error, ERR_get_error_line, ERR_peek_error_line, +ERR_get_error_line_data, ERR_peek_error_line_data \- obtain error code and data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/err.h> +.Ve +.Vb 2 +\& unsigned long ERR_get_error(void); +\& unsigned long ERR_peek_error(void); +.Ve +.Vb 2 +\& unsigned long ERR_get_error_line(const char **file, int *line); +\& unsigned long ERR_peek_error_line(const char **file, int *line); +.Ve +.Vb 4 +\& unsigned long ERR_get_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +\& unsigned long ERR_peek_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_get_error()\fR returns the last error code from the thread's error +queue and removes the entry. This function can be called repeatedly +until there are no more error codes to return. +.PP +\&\fIERR_peek_error()\fR returns the last error code from the thread's +error queue without modifying it. +.PP +See ERR_GET_LIB(3) for obtaining information about +location and reason of the error, and +ERR_error_string(3) for human-readable error +messages. +.PP +\&\fIERR_get_error_line()\fR and \fIERR_peek_error_line()\fR are the same as the +above, but they additionally store the file name and line number where +the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. +.PP +\&\fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR store +additional data and flags associated with the error code in *\fBdata\fR +and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string +if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR. If it has been allocated by \fIOPENSSL_malloc()\fR, +*\fBflags\fR&\fB\s-1ERR_TXT_MALLOCED\s0\fR is true. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The error code, or 0 if there is no error in the queue. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), ERR_error_string(3), +ERR_GET_LIB(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_get_error()\fR, \fIERR_peek_error()\fR, \fIERR_get_error_line()\fR and +\&\fIERR_peek_error_line()\fR are available in all versions of SSLeay and +OpenSSL. \fIERR_get_error_line_data()\fR and \fIERR_peek_error_line_data()\fR +were added in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 new file mode 100644 index 0000000..82b6743 --- /dev/null +++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:36 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ERR_LOAD_CRYPTO_STRINGS 1" +.TH ERR_LOAD_CRYPTO_STRINGS 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \- +load and free error strings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/err.h> +.Ve +.Vb 2 +\& void ERR_load_crypto_strings(void); +\& void ERR_free_strings(void); +.Ve +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_load_error_strings(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_load_crypto_strings()\fR registers the error strings for all +\&\fBlibcrypto\fR functions. \fISSL_load_error_strings()\fR does the same, +but also registers the \fBlibssl\fR error strings. +.PP +One of these functions should be called before generating +textual error messages. However, this is not required when memory +usage is an issue. +.PP +\&\fIERR_free_strings()\fR frees all previously loaded error strings. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_load_crypto_strings()\fR, \fISSL_load_error_strings()\fR and +\&\fIERR_free_strings()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), ERR_error_string(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_load_error_strings()\fR, \fISSL_load_error_strings()\fR and +\&\fIERR_free_strings()\fR are available in all versions of SSLeay and +OpenSSL. diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 new file mode 100644 index 0000000..8e52a45 --- /dev/null +++ b/secure/lib/libcrypto/man/ERR_load_strings.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:38 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ERR_LOAD_STRINGS 1" +.TH ERR_LOAD_STRINGS 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +ERR_load_strings, \s-1ERR_PACK\s0, ERR_get_next_error_library \- load +arbitrary error strings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/err.h> +.Ve +.Vb 1 +\& void ERR_load_strings(int lib, ERR_STRING_DATA str[]); +.Ve +.Vb 1 +\& int ERR_get_next_error_library(void); +.Ve +.Vb 1 +\& unsigned long ERR_PACK(int lib, int func, int reason); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_load_strings()\fR registers error strings for library number \fBlib\fR. +.PP +\&\fBstr\fR is an array of error string data: +.PP +.Vb 5 +\& typedef struct ERR_string_data_st +\& { +\& unsigned long error; +\& char *string; +\& } ERR_STRING_DATA; +.Ve +The error code is generated from the library number and a function and +reason code: \fBerror\fR = ERR_PACK(\fBlib\fR, \fBfunc\fR, \fBreason\fR). +\&\fIERR_PACK()\fR is a macro. +.PP +The last entry in the array is {0,0}. +.PP +\&\fIERR_get_next_error_library()\fR can be used to assign library numbers +to user libraries at runtime. +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +\&\fIERR_load_strings()\fR returns no value. \fIERR_PACK()\fR return the error code. +\&\fIERR_get_next_error_library()\fR returns a new library number. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), ERR_load_strings(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_load_error_strings()\fR and \fIERR_PACK()\fR are available in all versions +of SSLeay and OpenSSL. \fIERR_get_next_error_library()\fR was added in +SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 new file mode 100644 index 0000000..c95ee92 --- /dev/null +++ b/secure/lib/libcrypto/man/ERR_print_errors.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:40 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ERR_PRINT_ERRORS 1" +.TH ERR_PRINT_ERRORS 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +ERR_print_errors, ERR_print_errors_fp \- print error messages +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/err.h> +.Ve +.Vb 2 +\& void ERR_print_errors(BIO *bp); +\& void ERR_print_errors_fp(FILE *fp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_print_errors()\fR is a convenience function that prints the error +strings for all errors that OpenSSL has recorded to \fBbp\fR, thus +emptying the error queue. +.PP +\&\fIERR_print_errors_fp()\fR is the same, except that the output goes to a +\&\fB\s-1FILE\s0\fR. +.PP +The error strings will have the following format: +.PP +.Vb 1 +\& [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message] +.Ve +\&\fIerror code\fR is an 8 digit hexadecimal number. \fIlibrary name\fR, +\&\fIfunction name\fR and \fIreason string\fR are \s-1ASCII\s0 text, as is \fIoptional +text message\fR if one was set for the respective error code. +.PP +If there is no text string registered for the given error code, +the error string will contain the numeric code. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR return no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), ERR_error_string(3), +ERR_get_error(3), +ERR_load_crypto_strings(3), +SSL_load_error_strings(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_print_errors()\fR and \fIERR_print_errors_fp()\fR +are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 new file mode 100644 index 0000000..952d112 --- /dev/null +++ b/secure/lib/libcrypto/man/ERR_put_error.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:43 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ERR_PUT_ERROR 1" +.TH ERR_PUT_ERROR 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +ERR_put_error, ERR_add_error_data \- record an error +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/err.h> +.Ve +.Vb 2 +\& void ERR_put_error(int lib, int func, int reason, const char *file, +\& int line); +.Ve +.Vb 1 +\& void ERR_add_error_data(int num, ...); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_put_error()\fR adds an error code to the thread's error queue. It +signals that the error of reason code \fBreason\fR occurred in function +\&\fBfunc\fR of library \fBlib\fR, in line number \fBline\fR of \fBfile\fR. +This function is usually called by a macro. +.PP +\&\fIERR_add_error_data()\fR associates the concatenation of its \fBnum\fR string +arguments with the error code added last. +.PP +ERR_load_strings(3) can be used to register +error strings so that the application can a generate human-readable +error messages for the error code. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIERR_put_error()\fR and \fIERR_add_error_data()\fR return +no values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), ERR_load_strings(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_put_error()\fR is available in all versions of SSLeay and OpenSSL. +\&\fIERR_add_error_data()\fR was added in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 new file mode 100644 index 0000000..1b37135 --- /dev/null +++ b/secure/lib/libcrypto/man/ERR_remove_state.3 @@ -0,0 +1,169 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:45 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ERR_REMOVE_STATE 1" +.TH ERR_REMOVE_STATE 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +ERR_remove_state \- free a thread's error queue +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/err.h> +.Ve +.Vb 1 +\& void ERR_remove_state(unsigned long pid); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIERR_remove_state()\fR frees the error queue associated with thread \fBpid\fR. +If \fBpid\fR == 0, the current thread will have its error queue removed. +.PP +Since error queue data structures are allocated automatically for new +threads, they must be freed when threads are terminated in order to +avoid memory leaks. +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +\&\fIERR_remove_state()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIERR_remove_state()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 new file mode 100644 index 0000000..ee9f78b --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_DigestInit.3 @@ -0,0 +1,349 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:47 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "EVP_DIGESTINIT 1" +.TH EVP_DIGESTINIT 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal, \s-1EVP_MAX_MD_SIZE\s0, +EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, +EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, +EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, +EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj \- +\&\s-1EVP\s0 digest routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 4 +\& void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +\& void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, +\& unsigned int *s); +.Ve +.Vb 1 +\& #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ +.Ve +.Vb 1 +\& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); +.Ve +.Vb 4 +\& #define EVP_MD_type(e) ((e)->type) +\& #define EVP_MD_pkey_type(e) ((e)->pkey_type) +\& #define EVP_MD_size(e) ((e)->md_size) +\& #define EVP_MD_block_size(e) ((e)->block_size) +.Ve +.Vb 4 +\& #define EVP_MD_CTX_md(e) (e)->digest) +\& #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) +\& #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) +\& #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) +.Ve +.Vb 9 +\& EVP_MD *EVP_md_null(void); +\& EVP_MD *EVP_md2(void); +\& EVP_MD *EVP_md5(void); +\& EVP_MD *EVP_sha(void); +\& EVP_MD *EVP_sha1(void); +\& EVP_MD *EVP_dss(void); +\& EVP_MD *EVP_dss1(void); +\& EVP_MD *EVP_mdc2(void); +\& EVP_MD *EVP_ripemd160(void); +.Ve +.Vb 3 +\& const EVP_MD *EVP_get_digestbyname(const char *name); +\& #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) +\& #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 digest routines are a high level interface to message digests. +.PP +\&\fIEVP_DigestInit()\fR initializes a digest context \fBctx\fR to use a digest +\&\fBtype\fR: this will typically be supplied by a function such as +\&\fIEVP_sha1()\fR. +.PP +\&\fIEVP_DigestUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +digest context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to hash additional data. +.PP +\&\fIEVP_DigestFinal()\fR retrieves the digest value from \fBctx\fR and places +it in \fBmd\fR. If the \fBs\fR parameter is not \s-1NULL\s0 then the number of +bytes of data written (i.e. the length of the digest) will be written +to the integer at \fBs\fR, at most \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes will be written. +After calling \fIEVP_DigestFinal()\fR no additional calls to \fIEVP_DigestUpdate()\fR +can be made, but \fIEVP_DigestInit()\fR can be called to initialize a new +digest operation. +.PP +\&\fIEVP_MD_CTX_copy()\fR can be used to copy the message digest state from +\&\fBin\fR to \fBout\fR. This is useful if large amounts of data are to be +hashed which only differ in the last few bytes. +.PP +\&\fIEVP_MD_size()\fR and \fIEVP_MD_CTX_size()\fR return the size of the message digest +when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure, i.e. the size of the +hash. +.PP +\&\fIEVP_MD_block_size()\fR and \fIEVP_MD_CTX_block_size()\fR return the block size of the +message digest when passed an \fB\s-1EVP_MD\s0\fR or an \fB\s-1EVP_MD_CTX\s0\fR structure. +.PP +\&\fIEVP_MD_type()\fR and \fIEVP_MD_CTX_type()\fR return the \s-1NID\s0 of the \s-1OBJECT\s0 \s-1IDENTIFIER\s0 +representing the given message digest when passed an \fB\s-1EVP_MD\s0\fR structure. +For example EVP_MD_type(\fIEVP_sha1()\fR) returns \fBNID_sha1\fR. This function is +normally used when setting \s-1ASN1\s0 OIDs. +.PP +\&\fIEVP_MD_CTX_md()\fR returns the \fB\s-1EVP_MD\s0\fR structure corresponding to the passed +\&\fB\s-1EVP_MD_CTX\s0\fR. +.PP +\&\fIEVP_MD_pkey_type()\fR returns the \s-1NID\s0 of the public key signing algorithm associated +with this digest. For example \fIEVP_sha1()\fR is associated with \s-1RSA\s0 so this will +return \fBNID_sha1WithRSAEncryption\fR. This \*(L"link\*(R" between digests and signature +algorithms may not be retained in future versions of OpenSSL. +.PP +\&\fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR +return \fB\s-1EVP_MD\s0\fR structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0, \s-1SHA1\s0, \s-1MDC2\s0 and \s-1RIPEMD160\s0 digest +algorithms respectively. The associated signature algorithm is \s-1RSA\s0 in each case. +.PP +\&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest +algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. +.PP +\&\fIEVP_md_null()\fR is a \*(L"null\*(R" message digest that does nothing: i.e. the hash it +returns is of zero length. +.PP +\&\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR +return an \fB\s-1EVP_MD\s0\fR structure when passed a digest name, a digest \s-1NID\s0 or +an \s-1ASN1_OBJECT\s0 structure respectively. The digest table must be initialized +using, for example, \fIOpenSSL_add_all_digests()\fR for these functions to work. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR do not return values. +.PP +\&\fIEVP_MD_CTX_copy()\fR returns 1 if successful or 0 for failure. +.PP +\&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the +corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none exists. +.PP +\&\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_size\fR\|(e), \fIEVP_MD_size()\fR, +\&\fIEVP_MD_CTX_block_size()\fR and \fIEVP_MD_block_size()\fR return the digest or block +size in bytes. +.PP +\&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_dss()\fR, +\&\fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR return pointers to the +corresponding \s-1EVP_MD\s0 structures. +.PP +\&\fIEVP_get_digestbyname()\fR, \fIEVP_get_digestbynid()\fR and \fIEVP_get_digestbyobj()\fR +return either an \fB\s-1EVP_MD\s0\fR structure or \s-1NULL\s0 if an error occurs. +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to message digests should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the digest used and much more flexible. +.PP +\&\s-1SHA1\s0 is the digest of choice for new applications. The other digest algorithms +are still in common use. +.SH "EXAMPLE" +.IX Header "EXAMPLE" +This example digests the data \*(L"Test Message\en\*(R" and \*(L"Hello World\en\*(R", using the +digest name passed on the command line. +.PP +.Vb 2 +\& #include <stdio.h> +\& #include <openssl/evp.h> +.Ve +.Vb 8 +\& main(int argc, char *argv[]) +\& { +\& EVP_MD_CTX mdctx; +\& const EVP_MD *md; +\& char mess1[] = "Test Message\en"; +\& char mess2[] = "Hello World\en"; +\& unsigned char md_value[EVP_MAX_MD_SIZE]; +\& int md_len, i; +.Ve +.Vb 1 +\& OpenSSL_add_all_digests(); +.Ve +.Vb 4 +\& if(!argv[1]) { +\& printf("Usage: mdtest digestname\en"); +\& exit(1); +\& } +.Ve +.Vb 1 +\& md = EVP_get_digestbyname(argv[1]); +.Ve +.Vb 4 +\& if(!md) { +\& printf("Unknown message digest %s\en", argv[1]); +\& exit(1); +\& } +.Ve +.Vb 4 +\& EVP_DigestInit(&mdctx, md); +\& EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); +\& EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); +\& EVP_DigestFinal(&mdctx, md_value, &md_len); +.Ve +.Vb 4 +\& printf("Digest is: "); +\& for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); +\& printf("\en"); +\& } +.Ve +.SH "BUGS" +.IX Header "BUGS" +Several of the functions do not return values: maybe they should. Although the +internal digest operations will never fail some future hardware based operations +might. +.PP +The link between digests and signing algorithms results in a situation where +\&\fIEVP_sha1()\fR must be used with \s-1RSA\s0 and \fIEVP_dss1()\fR must be used with \s-1DSS\s0 +even though they are identical digests. +.PP +The size of an \fB\s-1EVP_MD_CTX\s0\fR structure is determined at compile time: this results +in code that must be recompiled if the size of \fB\s-1EVP_MD_CTX\s0\fR increases. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +evp(3), hmac(3), md2(3), +md5(3), mdc2(3), ripemd(3), +sha(3), digest(1) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR are +available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 new file mode 100644 index 0000000..de5007d --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3 @@ -0,0 +1,486 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:49 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "EVP_ENCRYPTINIT 1" +.TH EVP_ENCRYPTINIT 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal, EVP_DecryptInit, +EVP_DecryptUpdate, EVP_DecryptFinal, EVP_CipherInit, EVP_CipherUpdate, +EVP_CipherFinal, EVP_CIPHER_CTX_set_key_length, EVP_CIPHER_CTX_ctrl, +EVP_CIPHER_CTX_cleanup, EVP_get_cipherbyname, EVP_get_cipherbynid, +EVP_get_cipherbyobj, EVP_CIPHER_nid, EVP_CIPHER_block_size, +EVP_CIPHER_key_length, EVP_CIPHER_iv_length, EVP_CIPHER_flags, +EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, EVP_CIPHER_CTX_nid, +EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, EVP_CIPHER_CTX_iv_length, +EVP_CIPHER_CTX_get_app_data, EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, +EVP_CIPHER_CTX_flags, EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, +EVP_CIPHER_asn1_to_param \- \s-1EVP\s0 cipher routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 6 +\& int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char *key, unsigned char *iv); +\& int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl); +.Ve +.Vb 6 +\& int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char *key, unsigned char *iv); +\& int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, +\& int *outl); +.Ve +.Vb 6 +\& int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, +\& unsigned char *key, unsigned char *iv, int enc); +\& int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, +\& int *outl); +.Ve +.Vb 3 +\& int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); +\& int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +\& int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +.Ve +.Vb 3 +\& const EVP_CIPHER *EVP_get_cipherbyname(const char *name); +\& #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) +\& #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) +.Ve +.Vb 7 +\& #define EVP_CIPHER_nid(e) ((e)->nid) +\& #define EVP_CIPHER_block_size(e) ((e)->block_size) +\& #define EVP_CIPHER_key_length(e) ((e)->key_len) +\& #define EVP_CIPHER_iv_length(e) ((e)->iv_len) +\& #define EVP_CIPHER_flags(e) ((e)->flags) +\& #define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE) +\& int EVP_CIPHER_type(const EVP_CIPHER *ctx); +.Ve +.Vb 10 +\& #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) +\& #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) +\& #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) +\& #define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) +\& #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) +\& #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) +\& #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) +\& #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) +\& #define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) +\& #define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) +.Ve +.Vb 2 +\& int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +\& int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 cipher routines are a high level interface to certain +symmetric ciphers. +.PP +\&\fIEVP_EncryptInit()\fR initializes a cipher context \fBctx\fR for encryption +with cipher \fBtype\fR. \fBtype\fR is normally supplied by a function such +as \fIEVP_des_cbc()\fR . \fBkey\fR is the symmetric key to use and \fBiv\fR is the +\&\s-1IV\s0 to use (if necessary), the actual number of bytes used for the +key and \s-1IV\s0 depends on the cipher. It is possible to set all parameters +to \s-1NULL\s0 except \fBtype\fR in an initial call and supply the remaining +parameters in subsequent calls, all of which have \fBtype\fR set to \s-1NULL\s0. +This is done when the default cipher parameters are not appropriate. +.PP +\&\fIEVP_EncryptUpdate()\fR encrypts \fBinl\fR bytes from the buffer \fBin\fR and +writes the encrypted version to \fBout\fR. This function can be called +multiple times to encrypt successive blocks of data. The amount +of data written depends on the block alignment of the encrypted data: +as a result the amount of data written may be anything from zero bytes +to (inl + cipher_block_size \- 1) so \fBoutl\fR should contain sufficient +room. The actual number of bytes written is placed in \fBoutl\fR. +.PP +\&\fIEVP_EncryptFinal()\fR encrypts the \*(L"final\*(R" data, that is any data that +remains in a partial block. It uses standard block padding (aka \s-1PKCS\s0 +padding). The encrypted final data is written to \fBout\fR which should +have sufficient space for one cipher block. The number of bytes written +is placed in \fBoutl\fR. After this function is called the encryption operation +is finished and no further calls to \fIEVP_EncryptUpdate()\fR should be made. +.PP +\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR are the +corresponding decryption operations. \fIEVP_DecryptFinal()\fR will return an +error code if the final block is not correctly formatted. The parameters +and restrictions are identical to the encryption operations except that +the decrypted data buffer \fBout\fR passed to \fIEVP_DecryptUpdate()\fR should +have sufficient room for (\fBinl\fR + cipher_block_size) bytes unless the +cipher block size is 1 in which case \fBinl\fR bytes is sufficient. +.PP +\&\fIEVP_CipherInit()\fR, \fIEVP_CipherUpdate()\fR and \fIEVP_CipherFinal()\fR are functions +that can be used for decryption or encryption. The operation performed +depends on the value of the \fBenc\fR parameter. It should be set to 1 for +encryption, 0 for decryption and \-1 to leave the value unchanged (the +actual value of 'enc' being supplied in a previous call). +.PP +\&\fIEVP_CIPHER_CTX_cleanup()\fR clears all information from a cipher context. +It should be called after all operations using a cipher are complete +so sensitive information does not remain in memory. +.PP +\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR +return an \s-1EVP_CIPHER\s0 structure when passed a cipher name, a \s-1NID\s0 or an +\&\s-1ASN1_OBJECT\s0 structure. +.PP +\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return the \s-1NID\s0 of a cipher when +passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR structure. The actual \s-1NID\s0 +value is an internal value which may not have a corresponding \s-1OBJECT\s0 +\&\s-1IDENTIFIER\s0. +.PP +\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key +length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR +structure. The constant \fB\s-1EVP_MAX_KEY_LENGTH\s0\fR is the maximum key length +for all ciphers. Note: although \fIEVP_CIPHER_key_length()\fR is fixed for a +given cipher, the value of \fIEVP_CIPHER_CTX_key_length()\fR may be different +for variable key length ciphers. +.PP +\&\fIEVP_CIPHER_CTX_set_key_length()\fR sets the key length of the cipher ctx. +If the cipher is a fixed length cipher then attempting to set the key +length to any value other than the fixed value is an error. +.PP +\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +length of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR. +It will return zero if the cipher does not use an \s-1IV\s0. The constant +\&\fB\s-1EVP_MAX_IV_LENGTH\s0\fR is the maximum \s-1IV\s0 length for all ciphers. +.PP +\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block +size of a cipher when passed an \fB\s-1EVP_CIPHER\s0\fR or \fB\s-1EVP_CIPHER_CTX\s0\fR +structure. The constant \fB\s-1EVP_MAX_IV_LENGTH\s0\fR is also the maximum block +length for all ciphers. +.PP +\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the type of the passed +cipher or context. This \*(L"type\*(R" is the actual \s-1NID\s0 of the cipher \s-1OBJECT\s0 +\&\s-1IDENTIFIER\s0 as such it ignores the cipher parameters and 40 bit \s-1RC2\s0 and +128 bit \s-1RC2\s0 have the same \s-1NID\s0. If the cipher does not have an object +identifier or does not have \s-1ASN1\s0 support this function will return +\&\fBNID_undef\fR. +.PP +\&\fIEVP_CIPHER_CTX_cipher()\fR returns the \fB\s-1EVP_CIPHER\s0\fR structure when passed +an \fB\s-1EVP_CIPHER_CTX\s0\fR structure. +.PP +\&\fIEVP_CIPHER_mode()\fR and \fIEVP_CIPHER_CTX_mode()\fR return the block cipher mode: +\&\s-1EVP_CIPH_ECB_MODE\s0, \s-1EVP_CIPH_CBC_MODE\s0, \s-1EVP_CIPH_CFB_MODE\s0 or +\&\s-1EVP_CIPH_OFB_MODE\s0. If the cipher is a stream cipher then +\&\s-1EVP_CIPH_STREAM_CIPHER\s0 is returned. +.PP +\&\fIEVP_CIPHER_param_to_asn1()\fR sets the AlgorithmIdentifier \*(L"parameter\*(R" based +on the passed cipher. This will typically include any parameters and an +\&\s-1IV\s0. The cipher \s-1IV\s0 (if any) must be set when this call is made. This call +should be made before the cipher is actually \*(L"used\*(R" (before any +\&\fIEVP_EncryptUpdate()\fR, \fIEVP_DecryptUpdate()\fR calls for example). This function +may fail if the cipher does not have any \s-1ASN1\s0 support. +.PP +\&\fIEVP_CIPHER_asn1_to_param()\fR sets the cipher parameters based on an \s-1ASN1\s0 +AlgorithmIdentifier \*(L"parameter\*(R". The precise effect depends on the cipher +In the case of \s-1RC2\s0, for example, it will set the \s-1IV\s0 and effective key length. +This function should be called after the base cipher type is set but before +the key is set. For example \fIEVP_CipherInit()\fR will be called with the \s-1IV\s0 and +key set to \s-1NULL\s0, \fIEVP_CIPHER_asn1_to_param()\fR will be called and finally +\&\fIEVP_CipherInit()\fR again with all parameters except the key set to \s-1NULL\s0. It is +possible for this function to fail if the cipher does not have any \s-1ASN1\s0 support +or the parameters cannot be set (for example the \s-1RC2\s0 effective key length +is not supported. +.PP +\&\fIEVP_CIPHER_CTX_ctrl()\fR allows various cipher specific parameters to be determined +and set. Currently only the \s-1RC2\s0 effective key length and the number of rounds of +\&\s-1RC5\s0 can be set. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_EncryptInit()\fR, \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR return 1 for success +and 0 for failure. +.PP +\&\fIEVP_DecryptInit()\fR and \fIEVP_DecryptUpdate()\fR return 1 for success and 0 for failure. +\&\fIEVP_DecryptFinal()\fR returns 0 if the decrypt failed or 1 for success. +.PP +\&\fIEVP_CipherInit()\fR and \fIEVP_CipherUpdate()\fR return 1 for success and 0 for failure. +\&\fIEVP_CipherFinal()\fR returns 1 for a decryption failure or 1 for success. +.PP +\&\fIEVP_CIPHER_CTX_cleanup()\fR returns 1 for success and 0 for failure. +.PP +\&\fIEVP_get_cipherbyname()\fR, \fIEVP_get_cipherbynid()\fR and \fIEVP_get_cipherbyobj()\fR +return an \fB\s-1EVP_CIPHER\s0\fR structure or \s-1NULL\s0 on error. +.PP +\&\fIEVP_CIPHER_nid()\fR and \fIEVP_CIPHER_CTX_nid()\fR return a \s-1NID\s0. +.PP +\&\fIEVP_CIPHER_block_size()\fR and \fIEVP_CIPHER_CTX_block_size()\fR return the block +size. +.PP +\&\fIEVP_CIPHER_key_length()\fR and \fIEVP_CIPHER_CTX_key_length()\fR return the key +length. +.PP +\&\fIEVP_CIPHER_iv_length()\fR and \fIEVP_CIPHER_CTX_iv_length()\fR return the \s-1IV\s0 +length or zero if the cipher does not use an \s-1IV\s0. +.PP +\&\fIEVP_CIPHER_type()\fR and \fIEVP_CIPHER_CTX_type()\fR return the \s-1NID\s0 of the cipher's +\&\s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if it has no defined \s-1OBJECT\s0 \s-1IDENTIFIER\s0. +.PP +\&\fIEVP_CIPHER_CTX_cipher()\fR returns an \fB\s-1EVP_CIPHER\s0\fR structure. +.PP +\&\fIEVP_CIPHER_param_to_asn1()\fR and \fIEVP_CIPHER_asn1_to_param()\fR return 1 for +success or zero for failure. +.SH "CIPHER LISTING" +.IX Header "CIPHER LISTING" +All algorithms have a fixed key length unless otherwise stated. +.Ip "\fIEVP_enc_null()\fR" 4 +.IX Item "EVP_enc_null()" +Null cipher: does nothing. +.Ip "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)" 4 +.IX Item "EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)" +\&\s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. +.Ip "EVP_des_ede_cbc(void), \fIEVP_des_ede()\fR, EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" 4 +.IX Item "EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void)" +Two key triple \s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. +.Ip "EVP_des_ede3_cbc(void), \fIEVP_des_ede3()\fR, EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" 4 +.IX Item "EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void)" +Three key triple \s-1DES\s0 in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. +.Ip "EVP_desx_cbc(void)" 4 +.IX Item "EVP_desx_cbc(void)" +\&\s-1DESX\s0 algorithm in \s-1CBC\s0 mode. +.Ip "EVP_rc4(void)" 4 +.IX Item "EVP_rc4(void)" +\&\s-1RC4\s0 stream cipher. This is a variable key length cipher with default key length 128 bits. +.Ip "EVP_rc4_40(void)" 4 +.IX Item "EVP_rc4_40(void)" +\&\s-1RC4\s0 stream cipher with 40 bit key length. This is obsolete and new code should use \fIEVP_rc4()\fR +and the \fIEVP_CIPHER_CTX_set_key_length()\fR function. +.Ip "\fIEVP_idea_cbc()\fR EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)" 4 +.IX Item "EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)" +\&\s-1IDEA\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. +.Ip "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)" 4 +.IX Item "EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)" +\&\s-1RC2\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key +length cipher with an additional parameter called \*(L"effective key bits\*(R" or \*(L"effective key length\*(R". +By default both are set to 128 bits. +.Ip "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)" 4 +.IX Item "EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)" +\&\s-1RC2\s0 algorithm in \s-1CBC\s0 mode with a default key length and effective key length of 40 and 64 bits. +These are obsolete and new code should use \fIEVP_rc2_cbc()\fR, \fIEVP_CIPHER_CTX_set_key_length()\fR and +\&\fIEVP_CIPHER_CTX_ctrl()\fR to set the key length and effective key length. +.Ip "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);" 4 +.IX Item "EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);" +Blowfish encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key +length cipher. +.Ip "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)" 4 +.IX Item "EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)" +\&\s-1CAST\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key +length cipher. +.Ip "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)" 4 +.IX Item "EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)" +\&\s-1RC5\s0 encryption algorithm in \s-1CBC\s0, \s-1ECB\s0, \s-1CFB\s0 and \s-1OFB\s0 modes respectively. This is a variable key length +cipher with an additional \*(L"number of rounds\*(R" parameter. By default the key length is set to 128 +bits and 12 rounds. +.SH "NOTES" +.IX Header "NOTES" +Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the cipher used and much more flexible. +.PP +\&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total +length of the encrypted data a multiple of the block size. Padding is always +added so if the data is already a multiple of the block size \fBn\fR will equal +the block size. For example if the block size is 8 and 11 bytes are to be +encrypted then 5 padding bytes of value 5 will be added. +.PP +When decrypting the final block is checked to see if it has the correct form. +.PP +Although the decryption operation can produce an error, it is not a strong +test that the input data or key is correct. A random block has better than +1 in 256 chance of being of the correct format and problems with the +input data earlier on will not produce a final decrypt error. +.PP +The functions \fIEVP_EncryptInit()\fR, \fIEVP_EncryptUpdate()\fR, \fIEVP_EncryptFinal()\fR, +\&\fIEVP_DecryptInit()\fR, \fIEVP_DecryptUpdate()\fR, \fIEVP_CipherInit()\fR and \fIEVP_CipherUpdate()\fR +and \fIEVP_CIPHER_CTX_cleanup()\fR did not return errors in OpenSSL version 0.9.5a or +earlier. Software only versions of encryption algorithms will never return +error codes for these functions, unless there is a programming error (for example +and attempt to set the key before the cipher is set in \fIEVP_EncryptInit()\fR ). +.SH "BUGS" +.IX Header "BUGS" +For \s-1RC5\s0 the number of rounds can currently only be set to 8, 12 or 16. This is +a limitation of the current \s-1RC5\s0 code rather than the \s-1EVP\s0 interface. +.PP +It should be possible to disable \s-1PKCS\s0 padding: currently it isn't. +.PP +\&\s-1EVP_MAX_KEY_LENGTH\s0 and \s-1EVP_MAX_IV_LENGTH\s0 only refer to the internal ciphers with +default key lengths. If custom ciphers exceed these values the results are +unpredictable. This is because it has become standard practice to define a +generic key as a fixed unsigned char array containing \s-1EVP_MAX_KEY_LENGTH\s0 bytes. +.PP +The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been tested +for certain common S/MIME ciphers (\s-1RC2\s0, \s-1DES\s0, triple \s-1DES\s0) in \s-1CBC\s0 mode. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Get the number of rounds used in \s-1RC5:\s0 +.PP +.Vb 2 +\& int nrounds; +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &i); +.Ve +Get the \s-1RC2\s0 effective key length: +.PP +.Vb 2 +\& int key_bits; +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); +.Ve +Set the number of rounds used in \s-1RC5:\s0 +.PP +.Vb 2 +\& int nrounds; +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, i, NULL); +.Ve +Set the number of rounds used in \s-1RC2:\s0 +.PP +.Vb 2 +\& int nrounds; +\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, i, NULL); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +evp(3) +.SH "HISTORY" +.IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 new file mode 100644 index 0000000..1309dc9 --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_OpenInit.3 @@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:52 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "EVP_OPENINIT 1" +.TH EVP_OPENINIT 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- \s-1EVP\s0 envelope decryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 6 +\& int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, +\& int ekl,unsigned char *iv,EVP_PKEY *priv); +\& int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 envelope routines are a high level interface to envelope +decryption. They decrypt a public key encrypted symmetric key and +then decrypt data using it. +.PP +\&\fIEVP_OpenInit()\fR initializes a cipher context \fBctx\fR for decryption +with cipher \fBtype\fR. It decrypts the encrypted symmetric key of length +\&\fBekl\fR bytes passed in the \fBek\fR parameter using the private key \fBpriv\fR. +The \s-1IV\s0 is supplied in the \fBiv\fR parameter. +.PP +\&\fIEVP_OpenUpdate()\fR and \fIEVP_OpenFinal()\fR have exactly the same properties +as the \fIEVP_DecryptUpdate()\fR and \fIEVP_DecryptFinal()\fR routines, as +documented on the EVP_EncryptInit(3) manual +page. +.SH "NOTES" +.IX Header "NOTES" +It is possible to call \fIEVP_OpenInit()\fR twice in the same way as +\&\fIEVP_DecryptInit()\fR. The first call should have \fBpriv\fR set to \s-1NULL\s0 +and (after setting any cipher parameters) it should be called again +with \fBtype\fR set to \s-1NULL\s0. +.PP +If the cipher passed in the \fBtype\fR parameter is a variable length +cipher then the key length will be set to the value of the recovered +key length. If the cipher is a fixed length cipher then the recovered +key length must match the fixed cipher length. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_OpenInit()\fR returns 0 on error or a non zero integer (actually the +recovered secret key size) if successful. +.PP +\&\fIEVP_OpenUpdate()\fR returns 1 for success or 0 for failure. +.PP +\&\fIEVP_OpenFinal()\fR returns 0 if the decrypt failed or 1 for success. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +evp(3), rand(3), +EVP_EncryptInit(3), +EVP_SealInit(3) +.SH "HISTORY" +.IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 new file mode 100644 index 0000000..36fe4f1 --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_SealInit.3 @@ -0,0 +1,211 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:55 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "EVP_SEALINIT 1" +.TH EVP_SEALINIT 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- \s-1EVP\s0 envelope encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 6 +\& int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, +\& int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); +\& int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl, unsigned char *in, int inl); +\& int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, +\& int *outl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 envelope routines are a high level interface to envelope +encryption. They generate a random key and then \*(L"envelope\*(R" it by +using public key encryption. Data can then be encrypted using this +key. +.PP +\&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption +with cipher \fBtype\fR using a random secret key and \s-1IV\s0 supplied in +the \fBiv\fR parameter. \fBtype\fR is normally supplied by a function such +as \fIEVP_des_cbc()\fR. The secret key is encrypted using one or more public +keys, this allows the same encrypted data to be decrypted using any +of the corresponding private keys. \fBek\fR is an array of buffers where +the public key encrypted secret key will be written, each buffer must +contain enough room for the corresponding encrypted key: that is +\&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual +size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is +an array of \fBnpubk\fR public keys. +.PP +\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR have exactly the same properties +as the \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR routines, as +documented on the EVP_EncryptInit(3) manual +page. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful. +.PP +\&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR return 1 for success and 0 for +failure. +.SH "NOTES" +.IX Header "NOTES" +Because a random secret key is generated the random number generator +must be seeded before calling \fIEVP_SealInit()\fR. +.PP +The public key must be \s-1RSA\s0 because it is the only OpenSSL public key +algorithm that supports key transport. +.PP +Envelope encryption is the usual method of using public key encryption +on large amounts of data, this is because public key encryption is slow +but symmetric encryption is fast. So symmetric encryption is used for +bulk encryption and the small random symmetric key used is transferred +using public key encryption. +.PP +It is possible to call \fIEVP_SealInit()\fR twice in the same way as +\&\fIEVP_EncryptInit()\fR. The first call should have \fBnpubk\fR set to 0 +and (after setting any cipher parameters) it should be called again +with \fBtype\fR set to \s-1NULL\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +evp(3), rand(3), +EVP_EncryptInit(3), +EVP_OpenInit(3) +.SH "HISTORY" +.IX Header "HISTORY" diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 new file mode 100644 index 0000000..abc0151 --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_SignInit.3 @@ -0,0 +1,219 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:57 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "EVP_SIGNINIT 1" +.TH EVP_SIGNINIT 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 3 +\& void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); +\& void EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey); +.Ve +.Vb 1 +\& int EVP_PKEY_size(EVP_PKEY *pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature routines are a high level interface to digital +signatures. +.PP +\&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to using digest +\&\fBtype\fR: this will typically be supplied by a function such as +\&\fIEVP_sha1()\fR. +.PP +\&\fIEVP_SignUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +signature context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. +.PP +\&\fIEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR +and places the signature in \fBsig\fR. If the \fBs\fR parameter is not \s-1NULL\s0 +then the number of bytes of data written (i.e. the length of the signature) +will be written to the integer at \fBs\fR, at most EVP_PKEY_size(pkey) bytes +will be written. After calling \fIEVP_SignFinal()\fR no additional calls to +\&\fIEVP_SignUpdate()\fR can be made, but \fIEVP_SignInit()\fR can be called to initialize +a new signature operation. +.PP +\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. The actual +signature returned by \fIEVP_SignFinal()\fR may be smaller. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_SignInit()\fR and \fIEVP_SignUpdate()\fR do not return values. +.PP +\&\fIEVP_SignFinal()\fR returns 1 for success and 0 for failure. +.PP +\&\fIEVP_PKEY_size()\fR returns the maximum size of a signature in bytes. +.PP +The error codes can be obtained by ERR_get_error(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +Due to the link between message digests and public key algorithms the correct +digest algorithm must be used with the correct public key type. A list of +algorithms and associated public key algorithms appears in +EVP_DigestInit(3). +.PP +When signing with \s-1DSA\s0 private keys the random number generator must be seeded +or the operation will fail. The random number generator does not need to be +seeded for \s-1RSA\s0 signatures. +.SH "BUGS" +.IX Header "BUGS" +Several of the functions do not return values: maybe they should. Although the +internal digest operations will never fail some future hardware based operations +might. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +EVP_VerifyInit(3), +EVP_DigestInit(3), err(3), +evp(3), hmac(3), md2(3), +md5(3), mdc2(3), ripemd(3), +sha(3), digest(1) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIEVP_SignInit()\fR, \fIEVP_SignUpdate()\fR and \fIEVP_SignFinal()\fR are +available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 new file mode 100644 index 0000000..be16627 --- /dev/null +++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:17:59 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "EVP_VERIFYINIT 1" +.TH EVP_VERIFYINIT 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verification functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 3 +\& void EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); +\& void EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); +\& int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 signature verification routines are a high level interface to digital +signatures. +.PP +\&\fIEVP_VerifyInit()\fR initializes a verification context \fBctx\fR to using digest +\&\fBtype\fR: this will typically be supplied by a function such as \fIEVP_sha1()\fR. +.PP +\&\fIEVP_VerifyUpdate()\fR hashes \fBcnt\fR bytes of data at \fBd\fR into the +verification context \fBctx\fR. This function can be called several times on the +same \fBctx\fR to include additional data. +.PP +\&\fIEVP_VerifyFinal()\fR verifies the data in \fBctx\fR using the public key \fBpkey\fR +and against the \fBsiglen\fR bytes at \fBsigbuf\fR. After calling \fIEVP_VerifyFinal()\fR +no additional calls to \fIEVP_VerifyUpdate()\fR can be made, but \fIEVP_VerifyInit()\fR +can be called to initialize a new verification operation. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIEVP_VerifyInit()\fR and \fIEVP_VerifyUpdate()\fR do not return values. +.PP +\&\fIEVP_VerifyFinal()\fR returns 1 for a correct signature, 0 for failure and \-1 if some +other error occurred. +.PP +The error codes can be obtained by ERR_get_error(3). +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1EVP\s0\fR interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. +.PP +Due to the link between message digests and public key algorithms the correct +digest algorithm must be used with the correct public key type. A list of +algorithms and associated public key algorithms appears in +EVP_DigestInit(3). +.SH "BUGS" +.IX Header "BUGS" +Several of the functions do not return values: maybe they should. Although the +internal digest operations will never fail some future hardware based operations +might. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +evp(3), +EVP_SignInit(3), +EVP_DigestInit(3), err(3), +evp(3), hmac(3), md2(3), +md5(3), mdc2(3), ripemd(3), +sha(3), digest(1) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIEVP_VerifyInit()\fR, \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR are +available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 new file mode 100644 index 0000000..058fa9c --- /dev/null +++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -0,0 +1,220 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:01 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "OPENSSL_VERSION_NUMBER 1" +.TH OPENSSL_VERSION_NUMBER 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +\&\s-1OPENSSL_VERSION_NUMBER\s0, SSLeay SSLeay_version \- get OpenSSL version number +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 2 +\& #include <openssl/opensslv.h> +\& #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL +.Ve +.Vb 3 +\& #include <openssl/crypto.h> +\& long SSLeay(void); +\& char *SSLeay_version(int t); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1OPENSSL_VERSION_NUMBER\s0 is a numeric release version identifier: +.PP +.Vb 1 +\& MMNNFFPPS: major minor fix patch status +.Ve +The status nibble has one of the values 0 for development, 1 to e for betas +1 to 14, and f for release. +.PP +for example +.PP +.Vb 3 +\& 0x000906000 == 0.9.6 dev +\& 0x000906023 == 0.9.6b beta 3 +\& 0x00090605f == 0.9.6e release +.Ve +Versions prior to 0.9.3 have identifiers < 0x0930. +Versions between 0.9.3 and 0.9.5 had a version identifier with this +interpretation: +.PP +.Vb 1 +\& MMNNFFRBB major minor fix final beta/patch +.Ve +for example +.PP +.Vb 2 +\& 0x000904100 == 0.9.4 release +\& 0x000905000 == 0.9.5 dev +.Ve +Version 0.9.5a had an interim interpretation that is like the current one, +except the patch level got the highest bit set, to keep continuity. The +number was therefore 0x0090581f. +.PP +For backward compatibility, \s-1SSLEAY_VERSION_NUMBER\s0 is also defined. +.PP +\&\fISSLeay()\fR returns this number. The return value can be compared to the +macro to make sure that the correct version of the library has been +loaded, especially when using DLLs on Windows systems. +.PP +\&\fISSLeay_version()\fR returns different strings depending on \fBt\fR: +.if n .Ip "\s-1SSLEAY_VERSION\s0 The text variant of the version number and the release date. For example, """"OpenSSL 0.9.5a 1 Apr 2000""""." 4 +.el .Ip "\s-1SSLEAY_VERSION\s0 The text variant of the version number and the release date. For example, ``OpenSSL 0.9.5a 1 Apr 2000''." 4 +.IX Item "SSLEAY_VERSION The text variant of the version number and the release date. For example, "OpenSSL 0.9.5a 1 Apr 2000." +.PD 0 +.Ip "\s-1SSLEAY_CFLAGS\s0 The flags given to the C compiler when compiling OpenSSL are returned in a string." 4 +.IX Item "SSLEAY_CFLAGS The flags given to the C compiler when compiling OpenSSL are returned in a string." +.Ip "\s-1SSLEAY_PLATFORM\s0 The platform name used when OpenSSL was configured is returned." 4 +.IX Item "SSLEAY_PLATFORM The platform name used when OpenSSL was configured is returned." +.PD +.PP +If the data request isn't available, a text saying that the information is +not available is returned. +.PP +For an unknown \fBt\fR, the text \*(L"not available\*(R" is returned. +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +The version number. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +crypto(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSLeay()\fR and \s-1SSLEAY_VERSION_NUMBER\s0 are available in all versions of SSLeay and OpenSSL. +\&\s-1OPENSSL_VERSION_NUMBER\s0 is available in all versions of OpenSSL. diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 new file mode 100644 index 0000000..0f0ee06 --- /dev/null +++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:04 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "OPENSSL_ADD_ALL_ALGORITHMS 1" +.TH OPENSSL_ADD_ALL_ALGORITHMS 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \- +add algorithms to internal table +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.Vb 3 +\& void OpenSSL_add_all_algorithms(void); +\& void OpenSSL_add_all_ciphers(void); +\& void OpenSSL_add_all_digests(void); +.Ve +.Vb 1 +\& void EVP_cleanup(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL keeps an internal table of digest algorithms and ciphers. It uses +this table to lookup ciphers via functions such as \fIEVP_get_cipher_byname()\fR. +.PP +\&\fIOpenSSL_add_all_digests()\fR adds all digest algorithms to the table. +.PP +\&\fIOpenSSL_add_all_algorithms()\fR adds all algorithms to the table (digests and +ciphers). +.PP +\&\fIOpenSSL_add_all_ciphers()\fR adds all encryption algorithms to the table including +password based encryption algorithms. +.PP +\&\fIEVP_cleanup()\fR removes all ciphers and digests from the table. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions return a value. +.SH "NOTES" +.IX Header "NOTES" +A typical application will will call \fIOpenSSL_add_all_algorithms()\fR initially and +\&\fIEVP_cleanup()\fR before exiting. +.PP +An application does not need to add algorithms to use them explicitly, for example +by \fIEVP_sha1()\fR. It just needs to add them if it (or any of the functions it calls) +needs to lookup algorithms. +.PP +The cipher and digest lookup functions are used in many parts of the library. If +the table is not initialized several functions will misbehave and complain they +cannot find algorithms. This includes the \s-1PEM\s0, PKCS#12, \s-1SSL\s0 and S/MIME libraries. +This is a common query in the OpenSSL mailing lists. +.PP +Calling \fIOpenSSL_add_all_algorithms()\fR links in all algorithms: as a result a +statically linked executable can be quite large. If this is important it is possible +to just add the required ciphers and digests. +.SH "BUGS" +.IX Header "BUGS" +Although the functions do not return error codes it is possible for them to fail. +This will only happen as a result of a memory allocation failure so this is not +too much of a problem in practice. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +evp(3), EVP_DigestInit(3), +EVP_EncryptInit(3) diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 new file mode 100644 index 0000000..e9f16f9 --- /dev/null +++ b/secure/lib/libcrypto/man/RAND_add.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:06 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RAND_ADD 1" +.TH RAND_ADD 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add +entropy to the \s-1PRNG\s0 +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rand.h> +.Ve +.Vb 1 +\& void RAND_seed(const void *buf, int num); +.Ve +.Vb 1 +\& void RAND_add(const void *buf, int num, double entropy); +.Ve +.Vb 1 +\& int RAND_status(void); +.Ve +.Vb 2 +\& int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); +\& void RAND_screen(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_add()\fR mixes the \fBnum\fR bytes at \fBbuf\fR into the \s-1PRNG\s0 state. Thus, +if the data at \fBbuf\fR are unpredictable to an adversary, this +increases the uncertainty about the state and makes the \s-1PRNG\s0 output +less predictable. Suitable input comes from user interaction (random +key presses, mouse movements) and certain hardware events. The +\&\fBentropy\fR argument is (the lower bound of) an estimate of how much +randomness is contained in \fBbuf\fR, measured in bytes. Details about +sources of randomness and how to estimate their entropy can be found +in the literature, e.g. \s-1RFC\s0 1750. +.PP +\&\fIRAND_add()\fR may be called with sensitive data such as user entered +passwords. The seed values cannot be recovered from the \s-1PRNG\s0 output. +.PP +OpenSSL makes sure that the \s-1PRNG\s0 state is unique for each thread. On +systems that provide \f(CW\*(C`/dev/urandom\*(C'\fR, the randomness device is used +to seed the \s-1PRNG\s0 transparently. However, on all other systems, the +application is responsible for seeding the \s-1PRNG\s0 by calling \fIRAND_add()\fR, +RAND_egd(3) +or RAND_load_file(3). +.PP +\&\fIRAND_seed()\fR is equivalent to \fIRAND_add()\fR when \fBnum == entropy\fR. +.PP +\&\fIRAND_event()\fR collects the entropy from Windows events such as mouse +movements and other user interaction. It should be called with the +\&\fBiMsg\fR, \fBwParam\fR and \fBlParam\fR arguments of \fIall\fR messages sent to +the window procedure. It will estimate the entropy contained in the +event message (if any), and add it to the \s-1PRNG\s0. The program can then +process the messages as usual. +.PP +The \fIRAND_screen()\fR function is available for the convenience of Windows +programmers. It adds the current contents of the screen to the \s-1PRNG\s0. +For applications that can catch Windows events, seeding the \s-1PRNG\s0 by +calling \fIRAND_event()\fR is a significantly better source of +randomness. It should be noted that both methods cannot be used on +servers that run without user interaction. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_status()\fR and \fIRAND_event()\fR return 1 if the \s-1PRNG\s0 has been seeded +with enough data, 0 otherwise. +.PP +The other functions do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rand(3), RAND_egd(3), +RAND_load_file(3), RAND_cleanup(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRAND_seed()\fR and \fIRAND_screen()\fR are available in all versions of SSLeay +and OpenSSL. \fIRAND_add()\fR and \fIRAND_status()\fR have been added in OpenSSL +0.9.5, \fIRAND_event()\fR in OpenSSL 0.9.5a. diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 new file mode 100644 index 0000000..0ed9cbc --- /dev/null +++ b/secure/lib/libcrypto/man/RAND_bytes.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:08 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RAND_BYTES 1" +.TH RAND_BYTES 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RAND_bytes, RAND_pseudo_bytes \- generate random data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rand.h> +.Ve +.Vb 1 +\& int RAND_bytes(unsigned char *buf, int num); +.Ve +.Vb 1 +\& int RAND_pseudo_bytes(unsigned char *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_bytes()\fR puts \fBnum\fR cryptographically strong pseudo-random bytes +into \fBbuf\fR. An error occurs if the \s-1PRNG\s0 has not been seeded with +enough randomness to ensure an unpredictable byte sequence. +.PP +\&\fIRAND_pseudo_bytes()\fR puts \fBnum\fR pseudo-random bytes into \fBbuf\fR. +Pseudo-random byte sequences generated by \fIRAND_pseudo_bytes()\fR will be +unique if they are of sufficient length, but are not necessarily +unpredictable. They can be used for non-cryptographic purposes and for +certain purposes in cryptographic protocols, but usually not for key +generation etc. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_bytes()\fR returns 1 on success, 0 otherwise. The error code can be +obtained by ERR_get_error(3). \fIRAND_pseudo_bytes()\fR returns 1 if the +bytes generated are cryptographically strong, 0 otherwise. Both +functions return \-1 if they are not supported by the current \s-1RAND\s0 +method. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rand(3), err(3), RAND_add(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRAND_bytes()\fR is available in all versions of SSLeay and OpenSSL. It +has a return value since OpenSSL 0.9.5. \fIRAND_pseudo_bytes()\fR was added +in OpenSSL 0.9.5. diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 new file mode 100644 index 0000000..eac4a58 --- /dev/null +++ b/secure/lib/libcrypto/man/RAND_cleanup.3 @@ -0,0 +1,164 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:10 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RAND_CLEANUP 1" +.TH RAND_CLEANUP 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RAND_cleanup \- erase the \s-1PRNG\s0 state +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rand.h> +.Ve +.Vb 1 +\& void RAND_cleanup(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_cleanup()\fR erases the memory used by the \s-1PRNG\s0. +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +\&\fIRAND_cleanup()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rand(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRAND_cleanup()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 new file mode 100644 index 0000000..1b8fdd3 --- /dev/null +++ b/secure/lib/libcrypto/man/RAND_egd.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:12 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RAND_EGD 1" +.TH RAND_EGD 1 "perl v5.6.1" "2001-02-18" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RAND_egd \- query entropy gathering daemon +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rand.h> +.Ve +.Vb 2 +\& int RAND_egd(const char *path); +\& int RAND_egd_bytes(const char *path, int bytes); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_egd()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR. +It queries 255 bytes and uses RAND_add(3) to seed the +OpenSSL built-in \s-1PRNG\s0. RAND_egd(path) is a wrapper for +RAND_egd_bytes(path, 255); +.PP +\&\fIRAND_egd_bytes()\fR queries the entropy gathering daemon \s-1EGD\s0 on socket \fBpath\fR. +It queries \fBbytes\fR bytes and uses RAND_add(3) to seed the +OpenSSL built-in \s-1PRNG\s0. +This function is more flexible than \fIRAND_egd()\fR. +When only one secret key must +be generated, it is not necessary to request the full amount 255 bytes from +the \s-1EGD\s0 socket. This can be advantageous, since the amount of entropy +that can be retrieved from \s-1EGD\s0 over time is limited. +.SH "NOTES" +.IX Header "NOTES" +On systems without /dev/*random devices providing entropy from the kernel, +the \s-1EGD\s0 entropy gathering daemon can be used to collect entropy. It provides +a socket interface through which entropy can be gathered in chunks up to +255 bytes. Several chunks can be queried during one connection. +.PP +\&\s-1EGD\s0 is available from http://www.lothar.com/tech/crypto/ (\f(CW\*(C`perl +Makefile.PL; make; make install\*(C'\fR to install). It is run as \fBegd\fR +\&\fIpath\fR, where \fIpath\fR is an absolute path designating a socket. When +\&\fIRAND_egd()\fR is called with that path as an argument, it tries to read +random bytes that \s-1EGD\s0 has collected. The read is performed in +non-blocking mode. +.PP +Alternatively, the EGD-interface compatible daemon \s-1PRNGD\s0 can be used. It is +available from +http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html . +\&\s-1PRNGD\s0 does employ an internal \s-1PRNG\s0 itself and can therefore never run +out of entropy. +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +\&\fIRAND_egd()\fR and \fIRAND_egd_bytes()\fR return the number of bytes read from the +daemon on success, and \-1 if the connection failed or the daemon did not +return enough data to fully seed the \s-1PRNG\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rand(3), RAND_add(3), +RAND_cleanup(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRAND_egd()\fR is available since OpenSSL 0.9.5. +.PP +\&\fIRAND_egd_bytes()\fR is available since OpenSSL 0.9.6. diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 new file mode 100644 index 0000000..a084d6a --- /dev/null +++ b/secure/lib/libcrypto/man/RAND_load_file.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:15 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RAND_LOAD_FILE 1" +.TH RAND_LOAD_FILE 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RAND_load_file, RAND_write_file, RAND_file_name \- \s-1PRNG\s0 seed file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rand.h> +.Ve +.Vb 1 +\& const char *RAND_file_name(char *buf, size_t num); +.Ve +.Vb 1 +\& int RAND_load_file(const char *filename, long max_bytes); +.Ve +.Vb 1 +\& int RAND_write_file(const char *filename); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRAND_file_name()\fR generates a default path for the random seed +file. \fBbuf\fR points to a buffer of size \fBnum\fR in which to store the +filename. The seed file is \f(CW$RANDFILE\fR if that environment variable is +set, \f(CW$HOME\fR/.rnd otherwise. If \f(CW$HOME\fR is not set either, or \fBnum\fR is +too small for the path name, an error occurs. +.PP +\&\fIRAND_load_file()\fR reads a number of bytes from file \fBfilename\fR and +adds them to the \s-1PRNG\s0. If \fBmax_bytes\fR is non-negative, +up to to \fBmax_bytes\fR are read; starting with OpenSSL 0.9.5, +if \fBmax_bytes\fR is \-1, the complete file is read. +.PP +\&\fIRAND_write_file()\fR writes a number of random bytes (currently 1024) to +file \fBfilename\fR which can be used to initialize the \s-1PRNG\s0 by calling +\&\fIRAND_load_file()\fR in a later session. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_load_file()\fR returns the number of bytes read. +.PP +\&\fIRAND_write_file()\fR returns the number of bytes written, and \-1 if the +bytes written were generated without appropriate seed. +.PP +\&\fIRAND_file_name()\fR returns a pointer to \fBbuf\fR on success, and \s-1NULL\s0 on +error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rand(3), RAND_add(3), RAND_cleanup(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRAND_load_file()\fR, \fIRAND_write_file()\fR and \fIRAND_file_name()\fR are available in +all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 new file mode 100644 index 0000000..f2572f3 --- /dev/null +++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:17 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RAND_SET_RAND_METHOD 1" +.TH RAND_SET_RAND_METHOD 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rand.h> +.Ve +.Vb 1 +\& void RAND_set_rand_method(RAND_METHOD *meth); +.Ve +.Vb 1 +\& RAND_METHOD *RAND_get_rand_method(void); +.Ve +.Vb 1 +\& RAND_METHOD *RAND_SSLeay(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \fB\s-1RAND_METHOD\s0\fR specifies the functions that OpenSSL uses for random +number generation. By modifying the method, alternative +implementations such as hardware RNGs may be used. Initially, the +default is to use the OpenSSL internal implementation. \fIRAND_SSLeay()\fR +returns a pointer to that method. +.PP +\&\fIRAND_set_rand_method()\fR sets the \s-1RAND\s0 method to \fBmeth\fR. +\&\fIRAND_get_rand_method()\fR returns a pointer to the current method. +.SH "THE RAND_METHOD STRUCTURE" +.IX Header "THE RAND_METHOD STRUCTURE" +.Vb 9 +\& typedef struct rand_meth_st +\& { +\& void (*seed)(const void *buf, int num); +\& int (*bytes)(unsigned char *buf, int num); +\& void (*cleanup)(void); +\& void (*add)(const void *buf, int num, int entropy); +\& int (*pseudorand)(unsigned char *buf, int num); +\& int (*status)(void); +\& } RAND_METHOD; +.Ve +The components point to the implementation of \fIRAND_seed()\fR, +\&\fIRAND_bytes()\fR, \fIRAND_cleanup()\fR, \fIRAND_add()\fR, \fIRAND_pseudo_rand()\fR +and \fIRAND_status()\fR. +Each component may be \s-1NULL\s0 if the function is not implemented. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRAND_set_rand_method()\fR returns no value. \fIRAND_get_rand_method()\fR and +\&\fIRAND_SSLeay()\fR return pointers to the respective methods. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rand(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRAND_set_rand_method()\fR, \fIRAND_get_rand_method()\fR and \fIRAND_SSLeay()\fR are +available in all versions of OpenSSL. diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 new file mode 100644 index 0000000..9345b59 --- /dev/null +++ b/secure/lib/libcrypto/man/RSA_blinding_on.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:19 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA_BLINDING_ON 1" +.TH RSA_BLINDING_ON 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RSA_blinding_on, RSA_blinding_off \- protect the \s-1RSA\s0 operation from timing attacks +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 1 +\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +.Ve +.Vb 1 +\& void RSA_blinding_off(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RSA\s0 is vulnerable to timing attacks. In a setup where attackers can +measure the time of \s-1RSA\s0 decryption or signature operations, blinding +must be used to protect the \s-1RSA\s0 operation from that attack. +.PP +\&\fIRSA_blinding_on()\fR turns blinding on for key \fBrsa\fR and generates a +random blinding factor. \fBctx\fR is \fB\s-1NULL\s0\fR or a pre-allocated and +initialized \fB\s-1BN_CTX\s0\fR. The random number generator must be seeded +prior to calling \fIRSA_blinding_on()\fR. +.PP +\&\fIRSA_blinding_off()\fR turns blinding off and frees the memory used for +the blinding factor. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_blinding_on()\fR returns 1 on success, and 0 if an error occurred. +.PP +\&\fIRSA_blinding_off()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rsa(3), rand(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRSA_blinding_on()\fR and \fIRSA_blinding_off()\fR appeared in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 new file mode 100644 index 0000000..a97e622 --- /dev/null +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:21 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA_CHECK_KEY 1" +.TH RSA_CHECK_KEY 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RSA_check_key \- validate private \s-1RSA\s0 keys +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 1 +\& int RSA_check_key(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function validates \s-1RSA\s0 keys. It checks that \fBp\fR and \fBq\fR are +in fact prime, and that \fBn = p*q\fR. +.PP +It also checks that \fBd*e = 1 mod (p-1*q-1)\fR, +and that \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR are set correctly or are \fB\s-1NULL\s0\fR. +.PP +The key's public components may not be \fB\s-1NULL\s0\fR. +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +\&\fIRSA_check_key()\fR returns 1 if \fBrsa\fR is a valid \s-1RSA\s0 key, and 0 otherwise. +\&\-1 is returned if an error occurs while checking the key. +.PP +If the key is invalid or an error occurred, the reason code can be +obtained using ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rsa(3), err(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRSA_check()\fR appeared in OpenSSL 0.9.4. diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 new file mode 100644 index 0000000..ae0f5cb --- /dev/null +++ b/secure/lib/libcrypto/man/RSA_generate_key.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:23 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA_GENERATE_KEY 1" +.TH RSA_GENERATE_KEY 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RSA_generate_key \- generate \s-1RSA\s0 key pair +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 2 +\& RSA *RSA_generate_key(int num, unsigned long e, +\& void (*callback)(int,int,void *), void *cb_arg); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRSA_generate_key()\fR generates a key pair and returns it in a newly +allocated \fB\s-1RSA\s0\fR structure. The pseudo-random number generator must +be seeded prior to calling \fIRSA_generate_key()\fR. +.PP +The modulus size will be \fBnum\fR bits, and the public exponent will be +\&\fBe\fR. Key sizes with \fBnum\fR < 1024 should be considered insecure. +The exponent is an odd number, typically 3 or 65535. +.PP +A callback function may be used to provide feedback about the +progress of the key generation. If \fBcallback\fR is not \fB\s-1NULL\s0\fR, it +will be called as follows: +.Ip "\(bu" 4 +While a random prime number is generated, it is called as +described in BN_generate_prime(3). +.Ip "\(bu" 4 +When the n-th randomly generated prime is rejected as not +suitable for the key, \fBcallback(2, n, cb_arg)\fR is called. +.Ip "\(bu" 4 +When a random p has been found with p-1 relatively prime to \fBe\fR, +it is called as \fBcallback(3, 0, cb_arg)\fR. +.PP +The process is then repeated for prime q with \fBcallback(3, 1, cb_arg)\fR. +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +If key generation fails, \fIRSA_generate_key()\fR returns \fB\s-1NULL\s0\fR; the +error codes can be obtained by ERR_get_error(3). +.SH "BUGS" +.IX Header "BUGS" +\&\fBcallback(2, x, cb_arg)\fR is used with two different meanings. +.PP +\&\fIRSA_generate_key()\fR goes into an infinite loop for illegal input values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), rand(3), rsa(3), RSA_free(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBcb_arg\fR argument was added in SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 new file mode 100644 index 0000000..6c43dc8 --- /dev/null +++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 @@ -0,0 +1,257 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:26 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA_GET_EX_NEW_INDEX 1" +.TH RSA_GET_EX_NEW_INDEX 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to \s-1RSA\s0 structures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 4 +\& int RSA_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +.Ve +.Vb 1 +\& int RSA_set_ex_data(RSA *r, int idx, void *arg); +.Ve +.Vb 1 +\& void *RSA_get_ex_data(RSA *r, int idx); +.Ve +.Vb 6 +\& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, +\& int idx, long argl, void *argp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several OpenSSL structures can have application specific data attached to them. +This has several potential uses, it can be used to cache data associated with +a structure (for example the hash of some part of the structure) or some +additional data (for example a handle to the data in an external library). +.PP +Since the application data can be anything at all it is passed and retrieved +as a \fBvoid *\fR type. +.PP +The \fB\f(BIRSA_get_ex_new_index()\fB\fR function is initially called to \*(L"register\*(R" some +new application specific data. It takes three optional function pointers which +are called when the parent structure (in this case an \s-1RSA\s0 structure) is +initially created, when it is copied and when it is freed up. If any or all of +these function pointer arguments are not used they should be set to \s-1NULL\s0. The +precise manner in which these function pointers are called is described in more +detail below. \fB\f(BIRSA_get_ex_new_index()\fB\fR also takes additional long and pointer +parameters which will be passed to the supplied functions but which otherwise +have no special meaning. It returns an \fBindex\fR which should be stored +(typically in a static variable) and passed used in the \fBidx\fR parameter in +the remaining functions. Each successful call to \fB\f(BIRSA_get_ex_new_index()\fB\fR +will return an index greater than any previously returned, this is important +because the optional functions are called in order of increasing index value. +.PP +\&\fB\f(BIRSA_set_ex_data()\fB\fR is used to set application specific data, the data is +supplied in the \fBarg\fR parameter and its precise meaning is up to the +application. +.PP +\&\fB\f(BIRSA_get_ex_data()\fB\fR is used to retrieve application specific data. The data +is returned to the application, this will be the same value as supplied to +a previous \fB\f(BIRSA_set_ex_data()\fB\fR call. +.PP +\&\fB\f(BInew_func()\fB\fR is called when a structure is initially allocated (for example +with \fB\f(BIRSA_new()\fB\fR. The parent structure members will not have any meaningful +values at this point. This function will typically be used to allocate any +application specific structure. +.PP +\&\fB\f(BIfree_func()\fB\fR is called when a structure is being freed up. The dynamic parent +structure members should not be accessed because they will be freed up when +this function is called. +.PP +\&\fB\f(BInew_func()\fB\fR and \fB\f(BIfree_func()\fB\fR take the same parameters. \fBparent\fR is a +pointer to the parent \s-1RSA\s0 structure. \fBptr\fR is a the application specific data +(this wont be of much use in \fB\f(BInew_func()\fB\fR. \fBad\fR is a pointer to the +\&\fB\s-1CRYPTO_EX_DATA\s0\fR structure from the parent \s-1RSA\s0 structure: the functions +\&\fB\f(BICRYPTO_get_ex_data()\fB\fR and \fB\f(BICRYPTO_set_ex_data()\fB\fR can be called to manipulate +it. The \fBidx\fR parameter is the index: this will be the same value returned by +\&\fB\f(BIRSA_get_ex_new_index()\fB\fR when the functions were initially registered. Finally +the \fBargl\fR and \fBargp\fR parameters are the values originally passed to the same +corresponding parameters when \fB\f(BIRSA_get_ex_new_index()\fB\fR was called. +.PP +\&\fB\f(BIdup_func()\fB\fR is called when a structure is being copied. Pointers to the +destination and source \fB\s-1CRYPTO_EX_DATA\s0\fR structures are passed in the \fBto\fR and +\&\fBfrom\fR parameters respectively. The \fBfrom_d\fR parameter is passed a pointer to +the source application data when the function is called, when the function returns +the value is copied to the destination: the application can thus modify the data +pointed to by \fBfrom_d\fR and have different values in the source and destination. +The \fBidx\fR, \fBargl\fR and \fBargp\fR parameters are the same as those in \fB\f(BInew_func()\fB\fR +and \fB\f(BIfree_func()\fB\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fB\f(BIRSA_get_ex_new_index()\fB\fR returns a new index or \-1 on failure (note 0 is a valid +index value). +.PP +\&\fB\f(BIRSA_set_ex_data()\fB\fR returns 1 on success or 0 on failure. +.PP +\&\fB\f(BIRSA_get_ex_data()\fB\fR returns the application data or 0 on failure. 0 may also +be valid application data but currently it can only fail if given an invalid \fBidx\fR +parameter. +.PP +\&\fB\f(BInew_func()\fB\fR and \fB\f(BIdup_func()\fB\fR should return 0 for failure and 1 for success. +.PP +On failure an error code can be obtained from ERR_get_error(3). +.SH "BUGS" +.IX Header "BUGS" +\&\fB\f(BIdup_func()\fB\fR is currently never called. +.PP +The return value of \fB\f(BInew_func()\fB\fR is ignored. +.PP +The \fB\f(BInew_func()\fB\fR function isn't very useful because no meaningful values are +present in the parent \s-1RSA\s0 structure when it is called. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rsa(3), CRYPTO_set_ex_data(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRSA_get_ex_new_index()\fR, \fIRSA_set_ex_data()\fR and \fIRSA_get_ex_data()\fR are +available since SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 new file mode 100644 index 0000000..67bd003 --- /dev/null +++ b/secure/lib/libcrypto/man/RSA_new.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:28 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA_NEW 1" +.TH RSA_NEW 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 1 +\& RSA * RSA_new(void); +.Ve +.Vb 1 +\& void RSA_free(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRSA_new()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure. +.PP +\&\fIRSA_free()\fR frees the \fB\s-1RSA\s0\fR structure and its components. The key is +erased before the memory is returned to the system. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +If the allocation fails, \fIRSA_new()\fR returns \fB\s-1NULL\s0\fR and sets an error +code that can be obtained by ERR_get_error(3). Otherwise it returns +a pointer to the newly allocated structure. +.PP +\&\fIRSA_free()\fR returns no value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), rsa(3), RSA_generate_key(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRSA_new()\fR and \fIRSA_free()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 new file mode 100644 index 0000000..d44616c --- /dev/null +++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -0,0 +1,259 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:30 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA_PADDING_ADD_PKCS1_TYPE_1 1" +.TH RSA_PADDING_ADD_PKCS1_TYPE_1 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, +RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, +RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, +RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, +RSA_padding_add_none, RSA_padding_check_none \- asymmetric encryption +padding +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 2 +\& int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, +\& unsigned char *f, int fl); +.Ve +.Vb 2 +\& int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, +\& unsigned char *f, int fl, int rsa_len); +.Ve +.Vb 2 +\& int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, +\& unsigned char *f, int fl); +.Ve +.Vb 2 +\& int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, +\& unsigned char *f, int fl, int rsa_len); +.Ve +.Vb 2 +\& int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, +\& unsigned char *f, int fl, unsigned char *p, int pl); +.Ve +.Vb 2 +\& int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, +\& unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl); +.Ve +.Vb 2 +\& int RSA_padding_add_SSLv23(unsigned char *to, int tlen, +\& unsigned char *f, int fl); +.Ve +.Vb 2 +\& int RSA_padding_check_SSLv23(unsigned char *to, int tlen, +\& unsigned char *f, int fl, int rsa_len); +.Ve +.Vb 2 +\& int RSA_padding_add_none(unsigned char *to, int tlen, +\& unsigned char *f, int fl); +.Ve +.Vb 2 +\& int RSA_padding_check_none(unsigned char *to, int tlen, +\& unsigned char *f, int fl, int rsa_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fIRSA_padding_xxx_xxx()\fR functions are called from the \s-1RSA\s0 encrypt, +decrypt, sign and verify functions. Normally they should not be called +from application programs. +.PP +However, they can also be called directly to implement padding for other +asymmetric ciphers. \fIRSA_padding_add_PKCS1_OAEP()\fR and +\&\fIRSA_padding_check_PKCS1_OAEP()\fR may be used in an application combined +with \fB\s-1RSA_NO_PADDING\s0\fR in order to implement \s-1OAEP\s0 with an encoding +parameter. +.PP +\&\fIRSA_padding_add_xxx()\fR encodes \fBfl\fR bytes from \fBf\fR so as to fit into +\&\fBtlen\fR bytes and stores the result at \fBto\fR. An error occurs if \fBfl\fR +does not meet the size requirements of the encoding method. +.PP +The following encoding methods are implemented: +.Ip "PKCS1_type_1" 4 +.IX Item "PKCS1_type_1" +\&\s-1PKCS\s0 #1 v2.0 EMSA-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 1); used for signatures +.Ip "PKCS1_type_2" 4 +.IX Item "PKCS1_type_2" +\&\s-1PKCS\s0 #1 v2.0 EME-PKCS1\-v1_5 (\s-1PKCS\s0 #1 v1.5 block type 2) +.Ip "\s-1PKCS1_OAEP\s0" 4 +.IX Item "PKCS1_OAEP" +\&\s-1PKCS\s0 #1 v2.0 \s-1EME-OAEP\s0 +.Ip "SSLv23" 4 +.IX Item "SSLv23" +\&\s-1PKCS\s0 #1 EME-PKCS1\-v1_5 with SSL-specific modification +.Ip "none" 4 +.IX Item "none" +simply copy the data +.PP +The random number generator must be seeded prior to calling +\&\fIRSA_padding_add_xxx()\fR. +.PP +\&\fIRSA_padding_check_xxx()\fR verifies that the \fBfl\fR bytes at \fBf\fR contain +a valid encoding for a \fBrsa_len\fR byte \s-1RSA\s0 key in the respective +encoding method and stores the recovered data of at most \fBtlen\fR bytes +(for \fB\s-1RSA_NO_PADDING\s0\fR: of size \fBtlen\fR) +at \fBto\fR. +.PP +For \fIRSA_padding_xxx_OAEP()\fR, \fBp\fR points to the encoding parameter +of length \fBpl\fR. \fBp\fR may be \fB\s-1NULL\s0\fR if \fBpl\fR is 0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The \fIRSA_padding_add_xxx()\fR functions return 1 on success, 0 on error. +The \fIRSA_padding_check_xxx()\fR functions return the length of the +recovered data, \-1 on error. Error codes can be obtained by calling +ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +RSA_public_encrypt(3), +RSA_private_decrypt(3), +RSA_sign(3), RSA_verify(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRSA_padding_add_PKCS1_type_1()\fR, \fIRSA_padding_check_PKCS1_type_1()\fR, +\&\fIRSA_padding_add_PKCS1_type_2()\fR, \fIRSA_padding_check_PKCS1_type_2()\fR, +\&\fIRSA_padding_add_SSLv23()\fR, \fIRSA_padding_check_SSLv23()\fR, +\&\fIRSA_padding_add_none()\fR and \fIRSA_padding_check_none()\fR appeared in +SSLeay 0.9.0. +.PP +\&\fIRSA_padding_add_PKCS1_OAEP()\fR and \fIRSA_padding_check_PKCS1_OAEP()\fR were +added in OpenSSL 0.9.2b. diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 new file mode 100644 index 0000000..a08b628 --- /dev/null +++ b/secure/lib/libcrypto/man/RSA_print.3 @@ -0,0 +1,188 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:32 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA_PRINT 1" +.TH RSA_PRINT 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print, +DSA_print_fp, DHparams_print, DHparams_print_fp \- print cryptographic +parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 2 +\& int RSA_print(BIO *bp, RSA *x, int offset); +\& int RSA_print_fp(FILE *fp, RSA *x, int offset); +.Ve +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 4 +\& int DSAparams_print(BIO *bp, DSA *x); +\& int DSAparams_print_fp(FILE *fp, DSA *x); +\& int DSA_print(BIO *bp, DSA *x, int offset); +\& int DSA_print_fp(FILE *fp, DSA *x, int offset); +.Ve +.Vb 1 +\& #include <openssl/dh.h> +.Ve +.Vb 2 +\& int DHparams_print(BIO *bp, DH *x); +\& int DHparams_print_fp(FILE *fp, DH *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A human-readable hexadecimal output of the components of the \s-1RSA\s0 +key, \s-1DSA\s0 parameters or key or \s-1DH\s0 parameters is printed to \fBbp\fR or \fBfp\fR. +.PP +The output lines are indented by \fBoffset\fR spaces. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions return 1 on success, 0 on error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dh(3), dsa(3), rsa(3), BN_bn2bin(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRSA_print()\fR, \fIRSA_print_fp()\fR, \fIDSA_print()\fR, \fIDSA_print_fp()\fR, \fIDH_print()\fR, +\&\fIDH_print_fp()\fR are available in all versions of SSLeay and OpenSSL. +\&\fIDSAparams_print()\fR and \fIDSAparams_print_pf()\fR were added in SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 new file mode 100644 index 0000000..8a3a050 --- /dev/null +++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:35 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA_PRIVATE_ENCRYPT 1" +.TH RSA_PRIVATE_ENCRYPT 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RSA_private_encrypt, RSA_public_decrypt \- low level signature operations +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 2 +\& int RSA_private_encrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.Vb 2 +\& int RSA_public_decrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions handle \s-1RSA\s0 signatures at a low level. +.PP +\&\fIRSA_private_encrypt()\fR signs the \fBflen\fR bytes at \fBfrom\fR (usually a +message digest with an algorithm identifier) using the private key +\&\fBrsa\fR and stores the signature in \fBto\fR. \fBto\fR must point to +\&\fBRSA_size(rsa)\fR bytes of memory. +.PP +\&\fBpadding\fR denotes one of the following modes: +.Ip "\s-1RSA_PKCS1_PADDING\s0" 4 +.IX Item "RSA_PKCS1_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding. This function does not handle the +\&\fBalgorithmIdentifier\fR specified in \s-1PKCS\s0 #1. When generating or +verifying \s-1PKCS\s0 #1 signatures, RSA_sign(3) and RSA_verify(3) should be +used. +.Ip "\s-1RSA_NO_PADDING\s0" 4 +.IX Item "RSA_NO_PADDING" +Raw \s-1RSA\s0 signature. This mode should \fIonly\fR be used to implement +cryptographically sound padding modes in the application code. +Signing user data directly with \s-1RSA\s0 is insecure. +.PP +\&\fIRSA_public_decrypt()\fR recovers the message digest from the \fBflen\fR +bytes long signature at \fBfrom\fR using the signer's public key +\&\fBrsa\fR. \fBto\fR must point to a memory section large enough to hold the +message digest (which is smaller than \fBRSA_size(rsa) \- +11\fR). \fBpadding\fR is the padding mode that was used to sign the data. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_private_encrypt()\fR returns the size of the signature (i.e., +RSA_size(rsa)). \fIRSA_public_decrypt()\fR returns the size of the +recovered message digest. +.PP +On error, \-1 is returned; the error codes can be +obtained by ERR_get_error(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), rsa(3), RSA_sign(3), RSA_verify(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is +available since SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 new file mode 100644 index 0000000..b000298 --- /dev/null +++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:37 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA_PUBLIC_ENCRYPT 1" +.TH RSA_PUBLIC_ENCRYPT 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RSA_public_encrypt, RSA_private_decrypt \- \s-1RSA\s0 public key cryptography +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 2 +\& int RSA_public_encrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.Vb 2 +\& int RSA_private_decrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRSA_public_encrypt()\fR encrypts the \fBflen\fR bytes at \fBfrom\fR (usually a +session key) using the public key \fBrsa\fR and stores the ciphertext in +\&\fBto\fR. \fBto\fR must point to RSA_size(\fBrsa\fR) bytes of memory. +.PP +\&\fBpadding\fR denotes one of the following modes: +.Ip "\s-1RSA_PKCS1_PADDING\s0" 4 +.IX Item "RSA_PKCS1_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding. This currently is the most widely used mode. +.Ip "\s-1RSA_PKCS1_OAEP_PADDING\s0" 4 +.IX Item "RSA_PKCS1_OAEP_PADDING" +\&\s-1EME-OAEP\s0 as defined in \s-1PKCS\s0 #1 v2.0 with \s-1SHA-1\s0, \s-1MGF1\s0 and an empty +encoding parameter. This mode is recommended for all new applications. +.Ip "\s-1RSA_SSLV23_PADDING\s0" 4 +.IX Item "RSA_SSLV23_PADDING" +\&\s-1PKCS\s0 #1 v1.5 padding with an SSL-specific modification that denotes +that the server is \s-1SSL3\s0 capable. +.Ip "\s-1RSA_NO_PADDING\s0" 4 +.IX Item "RSA_NO_PADDING" +Raw \s-1RSA\s0 encryption. This mode should \fIonly\fR be used to implement +cryptographically sound padding modes in the application code. +Encrypting user data directly with \s-1RSA\s0 is insecure. +.PP +\&\fBflen\fR must be less than RSA_size(\fBrsa\fR) \- 11 for the \s-1PKCS\s0 #1 v1.5 +based padding modes, and less than RSA_size(\fBrsa\fR) \- 41 for +\&\s-1RSA_PKCS1_OAEP_PADDING\s0. The random number generator must be seeded +prior to calling \fIRSA_public_encrypt()\fR. +.PP +\&\fIRSA_private_decrypt()\fR decrypts the \fBflen\fR bytes at \fBfrom\fR using the +private key \fBrsa\fR and stores the plaintext in \fBto\fR. \fBto\fR must point +to a memory section large enough to hold the decrypted data (which is +smaller than RSA_size(\fBrsa\fR)). \fBpadding\fR is the padding mode that +was used to encrypt the data. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_public_encrypt()\fR returns the size of the encrypted data (i.e., +RSA_size(\fBrsa\fR)). \fIRSA_private_decrypt()\fR returns the size of the +recovered plaintext. +.PP +On error, \-1 is returned; the error codes can be +obtained by ERR_get_error(3). +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), rand(3), rsa(3), RSA_size(3) +.SH "NOTES" +.IX Header "NOTES" +The RSA_PKCS1_RSAref(3) method supports only the \s-1RSA_PKCS1_PADDING\s0 mode. +.SH "HISTORY" +.IX Header "HISTORY" +The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is +available since SSLeay 0.9.0, \s-1OAEP\s0 was added in OpenSSL 0.9.2b. diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 new file mode 100644 index 0000000..e71dd46 --- /dev/null +++ b/secure/lib/libcrypto/man/RSA_set_method.3 @@ -0,0 +1,311 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:39 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA_SET_METHOD 1" +.TH RSA_SET_METHOD 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RSA_set_default_method, RSA_get_default_method, RSA_set_method, +RSA_get_method, RSA_PKCS1_SSLeay, RSA_PKCS1_RSAref, +RSA_null_method, RSA_flags, RSA_new_method \- select \s-1RSA\s0 method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 1 +\& void RSA_set_default_method(RSA_METHOD *meth); +.Ve +.Vb 1 +\& RSA_METHOD *RSA_get_default_method(void); +.Ve +.Vb 1 +\& RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); +.Ve +.Vb 1 +\& RSA_METHOD *RSA_get_method(RSA *rsa); +.Ve +.Vb 1 +\& RSA_METHOD *RSA_PKCS1_SSLeay(void); +.Ve +.Vb 1 +\& RSA_METHOD *RSA_PKCS1_RSAref(void); +.Ve +.Vb 1 +\& RSA_METHOD *RSA_null_method(void); +.Ve +.Vb 1 +\& int RSA_flags(RSA *rsa); +.Ve +.Vb 1 +\& RSA *RSA_new_method(RSA_METHOD *method); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +An \fB\s-1RSA_METHOD\s0\fR specifies the functions that OpenSSL uses for \s-1RSA\s0 +operations. By modifying the method, alternative implementations +such as hardware accelerators may be used. +.PP +Initially, the default is to use the OpenSSL internal implementation, +unless OpenSSL was configured with the \f(CW\*(C`rsaref\*(C'\fR or \f(CW\*(C`\-DRSA_NULL\*(C'\fR +options. \fIRSA_PKCS1_SSLeay()\fR returns a pointer to that method. +.PP +\&\fIRSA_PKCS1_RSAref()\fR returns a pointer to a method that uses the RSAref +library. This is the default method in the \f(CW\*(C`rsaref\*(C'\fR configuration; +the function is not available in other configurations. +\&\fIRSA_null_method()\fR returns a pointer to a method that does not support +the \s-1RSA\s0 transformation. It is the default if OpenSSL is compiled with +\&\f(CW\*(C`\-DRSA_NULL\*(C'\fR. These methods may be useful in the \s-1USA\s0 because of a +patent on the \s-1RSA\s0 cryptosystem. +.PP +\&\fIRSA_set_default_method()\fR makes \fBmeth\fR the default method for all \fB\s-1RSA\s0\fR +structures created later. +.PP +\&\fIRSA_get_default_method()\fR returns a pointer to the current default +method. +.PP +\&\fIRSA_set_method()\fR selects \fBmeth\fR for all operations using the key +\&\fBrsa\fR. +.PP +\&\fIRSA_get_method()\fR returns a pointer to the method currently selected +for \fBrsa\fR. +.PP +\&\fIRSA_flags()\fR returns the \fBflags\fR that are set for \fBrsa\fR's current method. +.PP +\&\fIRSA_new_method()\fR allocates and initializes an \fB\s-1RSA\s0\fR structure so that +\&\fBmethod\fR will be used for the \s-1RSA\s0 operations. If \fBmethod\fR is \fB\s-1NULL\s0\fR, +the default method is used. +.SH "THE RSA_METHOD STRUCTURE" +.IX Header "THE RSA_METHOD STRUCTURE" +.Vb 4 +\& typedef struct rsa_meth_st +\& { +\& /* name of the implementation */ +\& const char *name; +.Ve +.Vb 3 +\& /* encrypt */ +\& int (*rsa_pub_enc)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.Vb 3 +\& /* verify arbitrary data */ +\& int (*rsa_pub_dec)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.Vb 3 +\& /* sign arbitrary data */ +\& int (*rsa_priv_enc)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.Vb 3 +\& /* decrypt */ +\& int (*rsa_priv_dec)(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.Vb 3 +\& /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some +\& implementations) */ +\& int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); +.Ve +.Vb 3 +\& /* compute r = a ^ p mod m (May be NULL for some implementations) */ +\& int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +.Ve +.Vb 2 +\& /* called at RSA_new */ +\& int (*init)(RSA *rsa); +.Ve +.Vb 2 +\& /* called at RSA_free */ +\& int (*finish)(RSA *rsa); +.Ve +.Vb 7 +\& /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key +\& * operations, even if p,q,dmp1,dmq1,iqmp +\& * are NULL +\& * RSA_FLAG_SIGN_VER - enable rsa_sign and rsa_verify +\& * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match +\& */ +\& int flags; +.Ve +.Vb 1 +\& char *app_data; /* ?? */ +.Ve +.Vb 5 +\& /* sign. For backward compatibility, this is used only +\& * if (flags & RSA_FLAG_SIGN_VER) +\& */ +\& int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, +\& unsigned char *sigret, unsigned int *siglen, RSA *rsa); +.Ve +.Vb 5 +\& /* verify. For backward compatibility, this is used only +\& * if (flags & RSA_FLAG_SIGN_VER) +\& */ +\& int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len, +\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +.Ve +.Vb 1 +\& } RSA_METHOD; +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_PKCS1_SSLeay()\fR, \fIRSA_PKCS1_RSAref()\fR, \fIRSA_PKCS1_null_method()\fR, +\&\fIRSA_get_default_method()\fR and \fIRSA_get_method()\fR return pointers to the +respective \fB\s-1RSA_METHOD\s0\fRs. +.PP +\&\fIRSA_set_default_method()\fR returns no value. +.PP +\&\fIRSA_set_method()\fR returns a pointer to the \fB\s-1RSA_METHOD\s0\fR previously +associated with \fBrsa\fR. +.PP +\&\fIRSA_new_method()\fR returns \fB\s-1NULL\s0\fR and sets an error code that can be +obtained by ERR_get_error(3) if the allocation fails. Otherwise it +returns a pointer to the newly allocated structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rsa(3), RSA_new(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRSA_new_method()\fR and \fIRSA_set_default_method()\fR appeared in SSLeay 0.8. +\&\fIRSA_get_default_method()\fR, \fIRSA_set_method()\fR and \fIRSA_get_method()\fR as +well as the rsa_sign and rsa_verify components of \s-1RSA_METHOD\s0 were +added in OpenSSL 0.9.4. diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 new file mode 100644 index 0000000..39dccab --- /dev/null +++ b/secure/lib/libcrypto/man/RSA_sign.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:42 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA_SIGN 1" +.TH RSA_SIGN 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RSA_sign, RSA_verify \- \s-1RSA\s0 signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 2 +\& int RSA_sign(int type, unsigned char *m, unsigned int m_len, +\& unsigned char *sigret, unsigned int *siglen, RSA *rsa); +.Ve +.Vb 2 +\& int RSA_verify(int type, unsigned char *m, unsigned int m_len, +\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRSA_sign()\fR signs the message digest \fBm\fR of size \fBm_len\fR using the +private key \fBrsa\fR as specified in \s-1PKCS\s0 #1 v2.0. It stores the +signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \fBsigret\fR +must point to RSA_size(\fBrsa\fR) bytes of memory. +.PP +\&\fBtype\fR denotes the message digest algorithm that was used to generate +\&\fBm\fR. It usually is one of \fBNID_sha1\fR, \fBNID_ripemd160\fR and \fBNID_md5\fR; +see objects(3) for details. If \fBtype\fR is \fBNID_md5_sha1\fR, +an \s-1SSL\s0 signature (\s-1MD5\s0 and \s-1SHA1\s0 message digests with \s-1PKCS\s0 #1 padding +and no algorithm identifier) is created. +.PP +\&\fIRSA_verify()\fR verifies that the signature \fBsigbuf\fR of size \fBsiglen\fR +matches a given message digest \fBm\fR of size \fBm_len\fR. \fBtype\fR denotes +the message digest algorithm that was used to generate the signature. +\&\fBrsa\fR is the signer's public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_sign()\fR returns 1 on success, 0 otherwise. \fIRSA_verify()\fR returns 1 +on successful verification, 0 otherwise. +.PP +The error codes can be obtained by ERR_get_error(3). +.SH "BUGS" +.IX Header "BUGS" +Certain signatures with an improper algorithm identifier are accepted +for compatibility with SSLeay 0.4.5 :\-) +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), objects(3), rsa(3), +RSA_private_encrypt(3), +RSA_public_decrypt(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRSA_sign()\fR and \fIRSA_verify()\fR are available in all versions of SSLeay +and OpenSSL. diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 new file mode 100644 index 0000000..acc1125 --- /dev/null +++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:44 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA_SIGN_ASN1_OCTET_STRING 1" +.TH RSA_SIGN_ASN1_OCTET_STRING 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- \s-1RSA\s0 signatures +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 3 +\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigret, unsigned int *siglen, +\& RSA *rsa); +.Ve +.Vb 3 +\& int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, +\& RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fIRSA_sign_ASN1_OCTET_STRING()\fR signs the octet string \fBm\fR of size +\&\fBm_len\fR using the private key \fBrsa\fR represented in \s-1DER\s0 using \s-1PKCS\s0 #1 +padding. It stores the signature in \fBsigret\fR and the signature size +in \fBsiglen\fR. \fBsigret\fR must point to \fBRSA_size(rsa)\fR bytes of +memory. +.PP +\&\fBdummy\fR is ignored. +.PP +The random number generator must be seeded prior to calling \fIRSA_sign_ASN1_OCTET_STRING()\fR. +.PP +\&\fIRSA_verify_ASN1_OCTET_STRING()\fR verifies that the signature \fBsigbuf\fR +of size \fBsiglen\fR is the \s-1DER\s0 representation of a given octet string +\&\fBm\fR of size \fBm_len\fR. \fBdummy\fR is ignored. \fBrsa\fR is the signer's +public key. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRSA_sign_ASN1_OCTET_STRING()\fR returns 1 on success, 0 otherwise. +\&\fIRSA_verify_ASN1_OCTET_STRING()\fR returns 1 on successful verification, 0 +otherwise. +.PP +The error codes can be obtained by ERR_get_error(3). +.SH "BUGS" +.IX Header "BUGS" +These functions serve no recognizable purpose. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +err(3), objects(3), rand(3), +rsa(3), RSA_sign(3), +RSA_verify(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRSA_sign_ASN1_OCTET_STRING()\fR and \fIRSA_verify_ASN1_OCTET_STRING()\fR were +added in SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 new file mode 100644 index 0000000..2668a3b --- /dev/null +++ b/secure/lib/libcrypto/man/RSA_size.3 @@ -0,0 +1,168 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:46 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA_SIZE 1" +.TH RSA_SIZE 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RSA_size \- get \s-1RSA\s0 modulus size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 1 +\& int RSA_size(RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This function returns the \s-1RSA\s0 modulus size in bytes. It can be used to +determine how much memory must be allocated for an \s-1RSA\s0 encrypted +value. +.PP +\&\fBrsa->n\fR must not be \fB\s-1NULL\s0\fR. +.SH "RETURN VALUE" +.IX Header "RETURN VALUE" +The size in bytes. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rsa(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRSA_size()\fR is available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 b/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 new file mode 100644 index 0000000..91f4e71 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 @@ -0,0 +1,236 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:48 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CIPHER_GET_NAME 1" +.TH SSL_CIPHER_GET_NAME 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher); +\& int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits); +\& char *SSL_CIPHER_get_version(SSL_CIPHER *cipher); +\& char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CIPHER_get_name()\fR returns a pointer to the name of \fBcipher\fR. If the +argument is the \s-1NULL\s0 pointer, a pointer to the constant value \*(L"\s-1NONE\s0\*(R" is +returned. +.PP +\&\fISSL_CIPHER_get_bits()\fR returns the number of secret bits used for \fBcipher\fR. If +\&\fBalg_bits\fR is not \s-1NULL\s0, it contains the number of bits processed by the +chosen algorithm. If \fBcipher\fR is \s-1NULL\s0, 0 is returned. +.PP +\&\fISSL_CIPHER_get_version()\fR returns the protocol version for \fBcipher\fR, currently +\&\*(L"SSLv2\*(R", \*(L"SSLv3\*(R", or \*(L"TLSv1\*(R". If \fBcipher\fR is \s-1NULL\s0, \*(L"(\s-1NONE\s0)\*(R" is returned. +.PP +\&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used +into the buffer \fBbuf\fR of length \fBlen\fR provided. \fBlen\fR must be at least +128 bytes, otherwise a pointer to the the string \*(L"Buffer too small\*(R" is +returned. If \fBbuf\fR is \s-1NULL\s0, a buffer of 128 bytes is allocated using +\&\fIOPENSSL_malloc()\fR. If the allocation fails, a pointer to the string +\&\*(L"OPENSSL_malloc Error\*(R" is returned. +.SH "NOTES" +.IX Header "NOTES" +The number of bits processed can be different from the secret bits. An +export cipher like e.g. \s-1EXP-RC4\-MD5\s0 has only 40 secret bits. The algorithm +does use the full 128 bits (which would be returned for \fBalg_bits\fR), of +which however 88bits are fixed. The search space is hence only 40 bits. +.PP +The string returned by \fISSL_CIPHER_description()\fR in case of success consists +of cleartext information separated by one or more blanks in the following +sequence: +.Ip "<ciphername>" 4 +.IX Item "<ciphername>" +Textual representation of the cipher name. +.Ip "<protocol version>" 4 +.IX Item "<protocol version>" +Protocol version: \fBSSLv2\fR, \fBSSLv3\fR. The TLSv1 ciphers are flagged with SSLv3. +.Ip "Kx=<key exchange>" 4 +.IX Item "Kx=<key exchange>" +Key exchange method: \fB\s-1RSA\s0\fR (for export ciphers as \fBRSA(512)\fR or +\&\fBRSA(1024)\fR), \fB\s-1DH\s0\fR (for export ciphers as \fBDH(512)\fR or \fBDH(1024)\fR), +\&\fB\s-1DH/RSA\s0\fR, \fB\s-1DH/DSS\s0\fR, \fBFortezza\fR. +.Ip "Au=<authentication>" 4 +.IX Item "Au=<authentication>" +Authentication method: \fB\s-1RSA\s0\fR, \fB\s-1DSS\s0\fR, \fB\s-1DH\s0\fR, \fBNone\fR. None is the +representation of anonymous ciphers. +.Ip "Enc=<symmetric encryption method>" 4 +.IX Item "Enc=<symmetric encryption method>" +Encryption method with number of secret bits: \fBDES(40)\fR, \fBDES(56)\fR, +\&\fB3DES(168)\fR, \fBRC4(40)\fR, \fBRC4(56)\fR, \fBRC4(64)\fR, \fBRC4(128)\fR, +\&\fBRC2(40)\fR, \fBRC2(56)\fR, \fBRC2(128)\fR, \fBIDEA(128)\fR, \fBFortezza\fR, \fBNone\fR. +.Ip "Mac=<message authentication code>" 4 +.IX Item "Mac=<message authentication code>" +Message digest: \fB\s-1MD5\s0\fR, \fB\s-1SHA1\s0\fR. +.Ip "<export flag>" 4 +.IX Item "<export flag>" +If the cipher is flagged exportable with respect to old \s-1US\s0 crypto +regulations, the word "\fBexport\fR" is printed. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Some examples for the output of \fISSL_CIPHER_description()\fR: +.PP +.Vb 4 +\& EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1 +\& EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 +\& RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 +\& EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export +.Ve +.SH "BUGS" +.IX Header "BUGS" +If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL\s0, the +library crashes. +.PP +If \fISSL_CIPHER_description()\fR cannot handle a built-in cipher, the according +description of the cipher property is \fBunknown\fR. This case should not +occur. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_current_cipher(3), +SSL_get_ciphers(3), ciphers(1) diff --git a/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 b/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 new file mode 100644 index 0000000..de7e524 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:10 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_COMP_ADD_COMPRESSION_METHOD 1" +.TH SSL_COMP_ADD_COMPRESSION_METHOD 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_COMP_add_compression_method()\fR adds the compression method \fBcm\fR with +the identifier \fBid\fR to the list of available compression methods. This +list is globally maintained for all \s-1SSL\s0 operations within this application. +It cannot be set for specific \s-1SSL_CTX\s0 or \s-1SSL\s0 objects. +.SH "NOTES" +.IX Header "NOTES" +The \s-1TLS\s0 standard (or SSLv3) allows the integration of compression methods +into the communication. The \s-1TLS\s0 \s-1RFC\s0 does however not specify compression +methods or their corresponding identifiers, so there is currently no compatible +way to integrate compression with unknown peers. It is therefore currently not +recommended to integrate compression into applications. Applications for +non-public use may agree on certain compression methods. Using different +compression methods with the same identifier will lead to connection failure. +.PP +An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) +will unconditionally send the list of all compression methods enabled with +\&\fISSL_COMP_add_compression_method()\fR to the server during the handshake. +Unlike the mechanisms to set a cipher list, there is no method available to +restrict the list of compression method on a per connection basis. +.PP +An OpenSSL server will match the identifiers listed by a client against +its own compression methods and will unconditionally activate compression +when a matching identifier is found. There is no way to restrict the list +of compression methods supported on a per connection basis. +.PP +The OpenSSL library has the compression methods \fB\f(BICOMP_rle()\fB\fR and (when +especially enabled during compilation) \fB\f(BICOMP_zlib()\fB\fR available. +.SH "WARNINGS" +.IX Header "WARNINGS" +Once the identities of the compression methods for the \s-1TLS\s0 protocol have +been standardized, the compression \s-1API\s0 will most likely be changed. Using +it in the current state is not recommended. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_COMP_add_compression_method()\fR may return the following values: +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.Ip "0" 4 +The operation failed. Check the error queue to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 new file mode 100644 index 0000000..bb59b1c --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:50 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_ADD_EXTRA_CHAIN_CERT 1" +.TH SSL_CTX_ADD_EXTRA_CHAIN_CERT 1 "perl v5.6.1" "2001-02-18" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_add_extra_chain_cert \- add certificate to chain +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_add_extra_chain_cert()\fR adds the certificate \fBx509\fR to the certificate +chain presented together with the certificate. Several certificates +can be added one after the other. +.SH "NOTES" +.IX Header "NOTES" +When constructing the certificate chain, the chain will be formed from +these certificates explicitly specified. If no chain is specified, +the library will try to complete the chain from the available \s-1CA\s0 +certificates in the trusted \s-1CA\s0 storage, see +SSL_CTX_load_verify_locations(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_add_extra_chain_cert()\fR returns 1 on success. Check out the +error stack to find out the reason for failure otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_use_certificate(3), +SSL_CTX_load_verify_locations(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_add_session.3 b/secure/lib/libcrypto/man/SSL_CTX_add_session.3 new file mode 100644 index 0000000..ba54d47 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_add_session.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:52 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_ADD_SESSION 1" +.TH SSL_CTX_ADD_SESSION 1 "perl v5.6.1" "2001-02-18" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c); +\& int SSL_add_session(SSL_CTX *ctx, SSL_SESSION *c); +.Ve +.Vb 2 +\& int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c); +\& int SSL_remove_session(SSL_CTX *ctx, SSL_SESSION *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_add_session()\fR adds the session \fBc\fR to the context \fBctx\fR. The +reference count for session \fBc\fR is incremented by 1. If a session with +the same session id already exists, the old session is removed by calling +SSL_SESSION_free(3). +.PP +\&\fISSL_CTX_remove_session()\fR removes the session \fBc\fR from the context \fBctx\fR. +SSL_SESSION_free(3) is called once for \fBc\fR. +.PP +\&\fISSL_add_session()\fR and \fISSL_remove_session()\fR are synonyms for their +SSL_CTX_*() counterparts. +.SH "NOTES" +.IX Header "NOTES" +When adding a new session to the internal session cache, it is examined +whether a session with the same session id already exists. In this case +it is assumed that both sessions are identical. If the same session is +stored in a different \s-1SSL_SESSION\s0 object, The old session is +removed and replaced by the new session. If the session is actually +identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR +is a no-op, and the return value is 0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following values are returned by all functions: +.Ip "0" 4 +.Vb 3 +\& The operation failed. In case of the add operation, it was tried to add +\& the same (identical) session twice. In case of the remove operation, the +\& session was not found in the cache. +.Ve +.Ip "1" 4 +.IX Item "1" +.Vb 1 +\& The operation succeeded. +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_session_cache_mode(3), +SSL_SESSION_free(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 b/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 new file mode 100644 index 0000000..7d135ef --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_ctrl.3 @@ -0,0 +1,171 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:13 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_CTRL 1" +.TH SSL_CTX_CTRL 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg); +\& long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)()); +.Ve +.Vb 2 +\& long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg); +\& long SSL_callback_ctrl(SSL *, int cmd, void (*fp)()); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The SSL_*\fI_ctrl()\fR family of functions is used to manipulate settings of +the \s-1SSL_CTX\s0 and \s-1SSL\s0 objects. Depending on the command \fBcmd\fR the arguments +\&\fBlarg\fR, \fBparg\fR, or \fBfp\fR are evaluated. These functions should never +be called directly. All functionalities needed are made available via +other functions or macros. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The return values of the SSL*\fI_ctrl()\fR functions depend on the command +supplied via the \fBcmd\fR parameter. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 b/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 new file mode 100644 index 0000000..a555577 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:54 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_FLUSH_SESSIONS 1" +.TH SSL_CTX_FLUSH_SESSIONS 1 "perl v5.6.1" "2001-02-18" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm); +\& void SSL_flush_sessions(SSL_CTX *ctx, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_flush_sessions()\fR causes a run through the session cache of +\&\fBctx\fR to remove sessions expired at time \fBtm\fR. +.PP +\&\fISSL_flush_sessions()\fR is a synonym for \fISSL_CTX_flush_sessions()\fR. +.SH "NOTES" +.IX Header "NOTES" +If enabled, the internal session cache will collect all sessions established +up to the specified maximum number (see \fISSL_CTX_sess_set_cache_size()\fR). +As sessions will not be reused ones they are expired, they should be +removed from the cache to save resources. This can either be done + automatically whenever 255 new sessions were established (see +SSL_CTX_set_session_cache_mode(3)) +or manually by calling \fISSL_CTX_flush_sessions()\fR. +.PP +The parameter \fBtm\fR specifies the time which should be used for the +expiration test, in most cases the actual time given by \fItime\fR\|(0) +will be used. +.PP +\&\fISSL_CTX_flush_sessions()\fR will only check sessions stored in the internal +cache. When a session is found and removed, the remove_session_cb is however +called to synchronize with the external cache (see +SSL_CTX_sess_set_get_cb(3)). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_set_timeout(3), +SSL_CTX_sess_set_get_cb(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_free.3 b/secure/lib/libcrypto/man/SSL_CTX_free.3 new file mode 100644 index 0000000..793c082 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_free.3 @@ -0,0 +1,167 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:57 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_FREE 1" +.TH SSL_CTX_FREE 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_CTX_free(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_free()\fR decrements the reference count of \fBctx\fR, and removes the +\&\s-1SSL_CTX\s0 object pointed to by \fBctx\fR and frees up the allocated memory if the +the reference count has reached 0. +.PP +It also calls the \fIfree()\fRing procedures for indirectly affected items, if +applicable: the session cache, the list of ciphers, the list of Client CAs, +the certificates and keys. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_free()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_CTX_new(3), ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3 new file mode 100644 index 0000000..5d32faa --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:59 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_GET_EX_NEW_INDEX 1" +.TH SSL_CTX_GET_EX_NEW_INDEX 1 "perl v5.6.1" "2001-07-19" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& int SSL_CTX_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +.Ve +.Vb 1 +\& int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg); +.Ve +.Vb 1 +\& void *SSL_CTX_get_ex_data(SSL_CTX *ctx, int idx); +.Ve +.Vb 6 +\& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, +\& int idx, long argl, void *argp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several OpenSSL structures can have application specific data attached to them. +These functions are used internally by OpenSSL to manipulate application +specific data attached to a specific structure. +.PP +\&\fISSL_CTX_get_ex_new_index()\fR is used to register a new index for application +specific data. +.PP +\&\fISSL_CTX_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR +into the \fBctx\fR object. +.PP +\&\fISSL_CTX_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from +\&\fBctx\fR. +.PP +A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality +can be found in RSA_get_ex_new_index(3). +The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in +CRYPTO_set_ex_data(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +RSA_get_ex_new_index(3), +CRYPTO_set_ex_data(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 new file mode 100644 index 0000000..f1cd380 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:01 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_GET_VERIFY_MODE 1" +.TH SSL_CTX_GET_VERIFY_MODE 1 "perl v5.6.1" "2001-02-18" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 6 +\& int SSL_CTX_get_verify_mode(SSL_CTX *ctx); +\& int SSL_get_verify_mode(SSL *ssl); +\& int SSL_CTX_get_verify_depth(SSL_CTX *ctx); +\& int SSL_get_verify_depth(SSL *ssl); +\& int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int, X509_STORE_CTX *); +\& int (*SSL_get_verify_callback(SSL *ssl))(int, X509_STORE_CTX *); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_get_verify_mode()\fR returns the verification mode currently set in +\&\fBctx\fR. +.PP +\&\fISSL_get_verify_mode()\fR returns the verification mode currently set in +\&\fBssl\fR. +.PP +\&\fISSL_CTX_get_verify_depth()\fR returns the verification depth limit currently set +in \fBctx\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fISSL_get_verify_depth()\fR returns the verification depth limit currently set +in \fBssl\fR. If no limit has been explicitly set, \-1 is returned and the +default value will be used. +.PP +\&\fISSL_CTX_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBctx\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. +.PP +\&\fISSL_get_verify_callback()\fR returns a function pointer to the verification +callback currently set in \fBssl\fR. If no callback was explicitly set, the +\&\s-1NULL\s0 pointer is returned and the default callback will be used. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_verify(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 new file mode 100644 index 0000000..6efaff0 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 @@ -0,0 +1,254 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:03 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_LOAD_VERIFY_LOCATIONS 1" +.TH SSL_CTX_LOAD_VERIFY_LOCATIONS 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0 +certificates +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, +\& const char *CApath); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_load_verify_locations()\fR specifies the locations for \fBctx\fR, at +which \s-1CA\s0 certificates for verification purposes are located. The certificates +available via \fBCAfile\fR and \fBCApath\fR are trusted. +.SH "NOTES" +.IX Header "NOTES" +If \fBCAfile\fR is not \s-1NULL\s0, it points to a file of \s-1CA\s0 certificates in \s-1PEM\s0 +format. The file can contain several \s-1CA\s0 certificates identified by +.PP +.Vb 3 +\& -----BEGIN CERTIFICATE----- +\& ... (CA certificate in base64 encoding) ... +\& -----END CERTIFICATE----- +.Ve +sequences. Before, between, and after the certificates text is allowed +which can be used e.g. for descriptions of the certificates. +.PP +The \fBCAfile\fR is processed on execution of the \fISSL_CTX_load_verify_locations()\fR +function. +.PP +If \fBCApath\fR is not \s-1NULL\s0, it points to a directory containing \s-1CA\s0 certificates +in \s-1PEM\s0 format. The files each contain one \s-1CA\s0 certificate. The files are +looked up by the \s-1CA\s0 subject name hash value, which must hence be available. +If more than one \s-1CA\s0 certificate with the same name hash value exist, the +extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search +is performed in the ordering of the extension number, regardless of other +properties of the certificates. +Use the \fBc_rehash\fR utility to create the necessary links. +.PP +The certificates in \fBCApath\fR are only looked up when required, e.g. when +building the certificate chain or when actually performing the verification +of a peer certificate. +.PP +When looking up \s-1CA\s0 certificates, the OpenSSL library will first search the +certificates in \fBCAfile\fR, then those in \fBCApath\fR. Certificate matching +is done based on the subject name, the key identifier (if present), and the +serial number as taken from the certificate to be verified. If these data +do not match, the next certificate will be tried. If a first certificate +matching the parameters is found, the verification process will be performed; +no other certificates for the same parameters will be searched in case of +failure. +.PP +In server mode, when requesting a client certificate, the server must send +the list of CAs of which it will accept client certificates. This list +is not influenced by the contents of \fBCAfile\fR or \fBCApath\fR and must +explicitly be set using the +SSL_CTX_set_client_CA_list(3) +family of functions. +.PP +When building its own certificate chain, an OpenSSL client/server will +try to fill in missing certificates from \fBCAfile\fR/\fBCApath\fR, if the +certificate chain was not explicitly specified (see +SSL_CTX_add_extra_chain_cert(3), +SSL_CTX_use_certificate(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +If several \s-1CA\s0 certificates matching the name, key identifier, and serial +number condition are available, only the first one will be examined. This +may lead to unexpected results if the same \s-1CA\s0 certificate is available +with different expiration dates. If a \*(L"certificate expired\*(R" verification +error occurs, no other certificate will be searched. Make sure to not +have expired certificates mixed with valid ones. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate a \s-1CA\s0 certificate file with descriptive text from the \s-1CA\s0 certificates +ca1.pem ca2.pem ca3.pem: +.PP +.Vb 5 +\& #!/bin/sh +\& rm CAfile.pem +\& for i in ca1.pem ca2.pem ca3.pem ; do +\& openssl x509 -in $i -text >> CAfile.pem +\& done +.Ve +Prepare the directory /some/where/certs containing several \s-1CA\s0 certificates +for use as \fBCApath\fR: +.PP +.Vb 2 +\& cd /some/where/certs +\& c_rehash . +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "0" 4 +The operation failed because \fBCAfile\fR and \fBCApath\fR are \s-1NULL\s0 or the +processing at one of the locations specified failed. Check the error +stack to find out the reason. +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_client_CA_list(3), +SSL_get_client_CA_list(3), +SSL_CTX_use_certificate(3), +SSL_CTX_add_extra_chain_cert(3), +SSL_CTX_set_cert_store(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_new.3 b/secure/lib/libcrypto/man/SSL_CTX_new.3 new file mode 100644 index 0000000..6b135cf --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_new.3 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:06 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_NEW 1" +.TH SSL_CTX_NEW 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& SSL_CTX *SSL_CTX_new(SSL_METHOD *method); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_new()\fR creates a new \fB\s-1SSL_CTX\s0\fR object as framework to establish +\&\s-1TLS/SSL\s0 enabled connections. +.SH "NOTES" +.IX Header "NOTES" +The \s-1SSL_CTX\s0 object uses \fBmethod\fR as connection method. The methods exist +in a generic type (for client and server use), a server only type, and a +client only type. \fBmethod\fR can be of the following types: +.Ip "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" 4 +.IX Item "SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)" +A \s-1TLS/SSL\s0 connection established with these methods will only understand +the SSLv2 protocol. A client will send out SSLv2 client hello messages +and will also indicate that it only understand SSLv2. A server will only +understand SSLv2 client hello messages. +.Ip "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" 4 +.IX Item "SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +SSLv3 protocol. A client will send out SSLv3 client hello messages +and will indicate that it only understands SSLv3. A server will only understand +SSLv3 client hello messages. This especially means, that it will +not understand SSLv2 client hello messages which are widely used for +compatibility reasons, see SSLv23_*\fI_method()\fR. +.Ip "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" 4 +.IX Item "TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)" +A \s-1TLS/SSL\s0 connection established with these methods will only understand the +TLSv1 protocol. A client will send out TLSv1 client hello messages +and will indicate that it only understands TLSv1. A server will only understand +TLSv1 client hello messages. This especially means, that it will +not understand SSLv2 client hello messages which are widely used for +compatibility reasons, see SSLv23_*\fI_method()\fR. It will also not understand +SSLv3 client hello messages. +.Ip "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4 +.IX Item "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" +A \s-1TLS/SSL\s0 connection established with these methods will understand the SSLv2, +SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages +and will indicate that it also understands SSLv3 and TLSv1. A server will +understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best +choice when compatibility is a concern. +.PP +The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, +SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the \fB\f(BISSL_CTX_set_options()\fB\fR or +\&\fB\f(BISSL_set_options()\fB\fR functions. Using these options it is possible to choose +e.g. \fISSLv23_server_method()\fR and be able to negotiate with all possible +clients, but to only allow newer protocols like SSLv3 or TLSv1. +.PP +\&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, +the callbacks, the keys and certificates, and the options to its default +values. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL_CTX\s0 object failed. Check the error stack to +find out the reason. +.Ip "Pointer to an \s-1SSL_CTX\s0 object" 4 +.IX Item "Pointer to an SSL_CTX object" +The return value points to an allocated \s-1SSL_CTX\s0 object. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_CTX_free(3), SSL_accept(3), +ssl(3), SSL_set_connect_state(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 new file mode 100644 index 0000000..d3e0fb5 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_sess_number.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:56 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SESS_NUMBER 1" +.TH SSL_CTX_SESS_NUMBER 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 12 +\& long SSL_CTX_sess_number(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_good(SSL_CTX *ctx); +\& long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx); +\& long SSL_CTX_sess_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_cb_hits(SSL_CTX *ctx); +\& long SSL_CTX_sess_misses(SSL_CTX *ctx); +\& long SSL_CTX_sess_timeouts(SSL_CTX *ctx); +\& long SSL_CTX_sess_cache_full(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sess_number()\fR returns the current number of sessions in the internal +session cache. +.PP +\&\fISSL_CTX_sess_connect()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +client mode. +.PP +\&\fISSL_CTX_sess_connect_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in client mode. +.PP +\&\fISSL_CTX_sess_connect_renegotiate()\fR returns the number of start renegotiations +in client mode. +.PP +\&\fISSL_CTX_sess_accept()\fR returns the number of started \s-1SSL/TLS\s0 handshakes in +server mode. +.PP +\&\fISSL_CTX_sess_accept_good()\fR returns the number of successfully established +\&\s-1SSL/TLS\s0 sessions in server mode. +.PP +\&\fISSL_CTX_sess_accept_renegotiate()\fR returns the number of start renegotiations +in server mode. +.PP +\&\fISSL_CTX_sess_hits()\fR returns the number of successfully reused sessions. +In client mode a session set with SSL_set_session(3) +successfully reused is counted as a hit. In server mode a session successfully +retrieved from internal or external cache is counted as a hit. +.PP +\&\fISSL_CTX_sess_cb_hits()\fR returns the number of successfully retrieved sessions +from the external session cache in server mode. +.PP +\&\fISSL_CTX_sess_misses()\fR returns the number of sessions proposed by clients +that were not found in the internal session cache in server mode. +.PP +\&\fISSL_CTX_sess_timeouts()\fR returns the number of sessions proposed by clients +and either found in the internal or external session cache in server mode, + but that were invalid due to timeout. These sessions are not included in +the \fISSL_CTX_sess_hits()\fR count. +.PP +\&\fISSL_CTX_sess_cache_full()\fR returns the number of sessions that were removed +because the maximum session cache size was exceeded. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The functions return the values indicated in the \s-1DESCRIPTION\s0 section. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_set_session(3), +SSL_CTX_set_session_cache_mode(3) +SSL_CTX_sess_set_cache_size(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 new file mode 100644 index 0000000..dcd7eb1 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 @@ -0,0 +1,186 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:08 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SESS_SET_CACHE_SIZE 1" +.TH SSL_CTX_SESS_SET_CACHE_SIZE 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t); +\& long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sess_set_cache_size()\fR sets the size of the internal session cache +of context \fBctx\fR to \fBt\fR. +.PP +\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid session cache size. +.SH "NOTES" +.IX Header "NOTES" +The internal session cache size is \s-1SSL_SESSION_CACHE_MAX_SIZE_DEFAULT\s0, +currently 1024*20, so that up to 20000 sessions can be held. This size +can be modified using the \fISSL_CTX_sess_set_cache_size()\fR call. A special +case is the size 0, which is used for unlimited size. +.PP +When the maximum number of sessions is reached, no more new sessions are +added to the cache. New space may be added by calling +SSL_CTX_flush_sessions(3) to remove +expired sessions. +.PP +If the size of the session cache is reduced and more sessions are already +in the session cache, old session will be removed at the next time a +session shall be added. This removal is not synchronized with the +expiration of sessions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_sess_set_cache_size()\fR returns the previously valid size. +.PP +\&\fISSL_CTX_sess_get_cache_size()\fR returns the currently valid size. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_sess_number(3), +SSL_CTX_flush_sessions(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 new file mode 100644 index 0000000..a253ab6 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:10 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SESS_SET_GET_CB 1" +.TH SSL_CTX_SESS_SET_GET_CB 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 6 +\& void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, +\& int (*new_session_cb)(SSL *, SSL_SESSION *)); +\& void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, +\& void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *)); +\& void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, +\& SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *)); +.Ve +.Vb 3 +\& int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess); +\& void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess); +\& SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *data, int len, int *copy); +.Ve +.Vb 4 +\& int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess); +\& void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess); +\& SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data, +\& int len, int *copy); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sess_set_new_cb()\fR sets the callback function, which is automatically +called whenever a new session was negotiated. +.PP +\&\fISSL_CTX_sess_set_remove_cb()\fR sets the callback function, which is +automatically called whenever a session is removed by the \s-1SSL\s0 engine, +because it is considered faulty or the session has become obsolete because +of exceeding the timeout value. +.PP +\&\fISSL_CTX_sess_set_get_cb()\fR sets the callback function which is called, +whenever a \s-1SSL/TLS\s0 client proposed to resume a session but the session +could not be found in the internal session cache (see +SSL_CTX_set_session_cache_mode(3)). +(\s-1SSL/TLS\s0 server only.) +.PP +\&\fISSL_CTX_sess_get_new_cb()\fR, \fISSL_CTX_sess_get_remove_cb()\fR, and +\&\fISSL_CTX_sess_get_get_cb()\fR allow to retrieve the function pointers of the +provided callback functions. If a callback function has not been set, +the \s-1NULL\s0 pointer is returned. +.SH "NOTES" +.IX Header "NOTES" +In order to allow external session caching, synchronization with the internal +session cache is realized via callback functions. Inside these callback +functions, session can be saved to disk or put into a database using the +d2i_SSL_SESSION(3) interface. +.PP +The \fInew_session_cb()\fR is called, whenever a new session has been negotiated +and session caching is enabled (see +SSL_CTX_set_session_cache_mode(3)). +The \fInew_session_cb()\fR is passed the \fBssl\fR connection and the ssl session +\&\fBsess\fR. If the callback returns \fB0\fR, the session will be immediately +removed again. +.PP +The \fIremove_session_cb()\fR is called, whenever the \s-1SSL\s0 engine removes a session +from the internal cache. This happens if the session is removed because +it is expired or when a connection was not shutdown cleanly. The +\&\fIremove_session_cb()\fR is passed the \fBctx\fR and the ssl session \fBsess\fR. +It does not provide any feedback. +.PP +The \fIget_session_cb()\fR is only called on \s-1SSL/TLS\s0 servers with the session id +proposed by the client. The \fIget_session_cb()\fR is always called, also when +session caching was disabled. The \fIget_session_cb()\fR is passed the +\&\fBssl\fR connection, the session id of length \fBlength\fR at the memory location +\&\fBdata\fR. With the parameter \fBcopy\fR the callback can require the +\&\s-1SSL\s0 engine to increment the reference count of the \s-1SSL_SESSION\s0 object, +Normally the reference count is not incremented and therefore the +session must not be explicitly freed with +SSL_SESSION_free(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), d2i_SSL_SESSION(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_flush_sessions(3), +SSL_SESSION_free(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_sessions.3 b/secure/lib/libcrypto/man/SSL_CTX_sessions.3 new file mode 100644 index 0000000..dc0e6b3 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_sessions.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:12 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SESSIONS 1" +.TH SSL_CTX_SESSIONS 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_sessions \- access internal session cache +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_sessions()\fR returns a pointer to the lhash databases containing the +internal session cache for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +The sessions in the internal session cache are kept in an +lhash(3) type database. It is possible to directly +access this database e.g. for searching. In parallel, the sessions +form a linked list which is maintained separately from the +lhash(3) operations, so that the database must not be +modified directly but by using the +SSL_CTX_add_session(3) family of functions. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), lhash(3), +SSL_CTX_add_session(3), +SSL_CTX_set_session_cache_mode(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 new file mode 100644 index 0000000..92db7cd --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 @@ -0,0 +1,192 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:15 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_STORE 1" +.TH SSL_CTX_SET_CERT_STORE 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); +\& X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cert_store()\fR sets/replaces the certificate verification storage +of \fBctx\fR to/with \fBstore\fR. If another X505_STORE object is currently +set in \fBctx\fR, it will be \fIX509_STORE_free()\fRed. +.PP +\&\fISSL_CTX_get_cert_store()\fR returns a pointer to the current certificate +verification storage. +.SH "NOTES" +.IX Header "NOTES" +In order to verify the certificates presented by the peer, trusted \s-1CA\s0 +certificates must be accessed. These \s-1CA\s0 certificates are made available +via lookup methods, handled inside the X509_STORE. From the X509_STORE +the X509_STORE_CTX used when verifying certificates is created. +.PP +Typically the trusted certificate store is handled indirectly via using +SSL_CTX_load_verify_locations(3). +Using the \fISSL_CTX_set_cert_store()\fR and \fISSL_CTX_get_cert_store()\fR functions +it is possible to manipulate the X509_STORE object beyond the +SSL_CTX_load_verify_locations(3) +call. +.PP +Currently no detailed documentation on how to use the X509_STORE +object is available. Not all members of the X509_STORE are used when +the verification takes place. So will e.g. the \fIverify_callback()\fR be +overridden with the \fIverify_callback()\fR set via the +SSL_CTX_set_verify(3) family of functions. +This document must therefore be updated when documentation about the +X509_STORE object and its handling becomes available. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cert_store()\fR does not return diagnostic output. +.PP +\&\fISSL_CTX_get_cert_store()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_load_verify_locations(3), +SSL_CTX_set_verify(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 new file mode 100644 index 0000000..08600d4 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 @@ -0,0 +1,208 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:17 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_CERT_VERIFY_CALLBACK 1" +.TH SSL_CTX_SET_CERT_VERIFY_CALLBACK 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(), +\& char *arg); +\& int (*callback)(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for +\&\fBctx\fR. \s-1SSL\s0 objects, that are created from \fBctx\fR inherit the setting valid at +the time, SSL_new(3) is called. \fBarg\fR is currently ignored. +.SH "NOTES" +.IX Header "NOTES" +Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification +function is called. If the application does not explicitly specify a +verification callback function, the built-in verification function is used. +If a verification callback \fBcallback\fR is specified via +\&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called +instead. By setting \fBcallback\fR to \s-1NULL\s0, the default behaviour is restored. +.PP +When the verification must be performed, \fBcallback\fR will be called with +the argument callback(X509_STORE_CTX *x509_store_ctx). The arguments \fBarg\fR +that can be specified when setting \fBcallback\fR are currently ignored. +.PP +\&\fBcallback\fR should return 1 to indicate verification success and 0 to +indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fBcallback\fR +returns 0, the handshake will fail. As the verification procedure may +allow to continue the connection in case of failure (by always returning 1) +the verification result must be set in any case using the \fBerror\fR +member of \fBx509_store_ctx\fR, so that the calling application will be informed +about the detailed result of the verification procedure! +.PP +Within \fBx509_store_ctx\fR, \fBcallback\fR has access to the \fBverify_callback\fR +function set using SSL_CTX_set_verify(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +Do not mix the verification callback described in this function with the +\&\fBverify_callback\fR function called during the verification process. The +latter is set using the SSL_CTX_set_verify(3) +family of functions. +.PP +Providing a complete verification procedure including certificate purpose +settings etc is a complex task. The built-in procedure is quite powerful +and in most cases it should be sufficient to modify its behaviour using +the \fBverify_callback\fR function. +.SH "BUGS" +.IX Header "BUGS" +It is possible to specify arguments to be passed to the verification callback. +Currently they are however not passed but ignored. +.PP +The \fBcallback\fR function is not specified via a prototype, so that no +type checking takes place. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_verify(3), +SSL_get_verify_result(3), +SSL_CTX_load_verify_locations(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 new file mode 100644 index 0000000..86fbd9a --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:14 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_CIPHER_LIST 1" +.TH SSL_CTX_SET_CIPHER_LIST 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); +\& int SSL_set_cipher_list(SSL *ssl, const char *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_cipher_list()\fR sets the list of available ciphers for \fBctx\fR +using the control string \fBstr\fR. The format of the string is described +in ciphers(1). The list of ciphers is inherited by all +\&\fBssl\fR objects created from \fBctx\fR. +.PP +\&\fISSL_set_cipher_list()\fR sets the list of ciphers only for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The control string \fBstr\fR should be universally usable and not depend +on details of the library configuration (ciphers compiled in). Thus no +syntax checking takes place. Items that are not recognized, because the +corresponding ciphers are not compiled in or because they are mistyped, +are simply ignored. Failure is only flagged if no ciphers could be collected +at all. +.PP +It should be noted, that inclusion of a cipher to be used into the list is +a necessary condition. On the client side, the inclusion into the list is +also sufficient. On the server side, additional restrictions apply. All ciphers +have additional requirements. \s-1ADH\s0 ciphers don't need a certificate, but +DH-parameters must have been set. All other ciphers need a corresponding +certificate and key. +.PP +A \s-1RSA\s0 cipher can only be chosen, when a \s-1RSA\s0 certificate is available. +\&\s-1RSA\s0 export ciphers with a keylength of 512 bits for the \s-1RSA\s0 key require +a temporary 512 bit \s-1RSA\s0 key, as typically the supplied key has a length +of 1024 bit (see +SSL_CTX_set_tmp_rsa_callback(3)). +\&\s-1RSA\s0 ciphers using \s-1EDH\s0 need a certificate and key and additional DH-parameters +(see SSL_CTX_set_tmp_dh_callback(3)). +.PP +A \s-1DSA\s0 cipher can only be chosen, when a \s-1DSA\s0 certificate is available. +\&\s-1DSA\s0 ciphers always use \s-1DH\s0 key exchange and therefore need DH-parameters +(see SSL_CTX_set_tmp_dh_callback(3)). +.PP +When these conditions are not met for any cipher in the list (e.g. a +client only supports export \s-1RSA\s0 ciphers with a asymmetric key length +of 512 bits and the server is not configured to use temporary \s-1RSA\s0 +keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated +and the handshake will fail. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_cipher_list()\fR and \fISSL_set_cipher_list()\fR return 1 if any cipher +could be selected and 0 on complete failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_ciphers(3), +SSL_CTX_use_certificate(3), +SSL_CTX_set_tmp_rsa_callback(3), +SSL_CTX_set_tmp_dh_callback(3), +ciphers(1) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 new file mode 100644 index 0000000..24a7102 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:17 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_CLIENT_CA_LIST 1" +.TH SSL_CTX_SET_CLIENT_CA_LIST 1 "perl v5.6.1" "2001-07-19" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, +SSL_add_client_CA \- set list of CAs sent to the client when requesting a +client certificate +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); +\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); +\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); +\& int SSL_add_client_CA(SSL *ssl, X509 *cacert); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for \fBctx\fR. +.PP +\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +requesting a client certificate for the chosen \fBssl\fR, overriding the +setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. +.PP +\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +\&\fBctx\fR. +.PP +\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +list of CAs sent to the client when requesting a client certificate for +the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. +.SH "NOTES" +.IX Header "NOTES" +When a \s-1TLS/SSL\s0 server requests a client certificate (see +\&\fB\f(BISSL_CTX_set_verify_options()\fB\fR), it sends a list of CAs, for which +it will accept certificates, to the client. +.PP +This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for +\&\fBctx\fR and \fISSL_set_client_CA_list()\fR for the specific \fBssl\fR. The list +specified overrides the previous setting. The CAs listed do not become +trusted (\fBlist\fR only contains the names, not the complete certificates); use +SSL_CTX_load_verify_locations(3) +to additionally load them for verification. +.PP +If the list of acceptable CAs is compiled in a file, the +SSL_load_client_CA_file(3) +function can be used to help importing the necessary data. +.PP +\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR can be used to add additional +items the list of client CAs. If no list was specified before using +\&\fISSL_CTX_set_client_CA_list()\fR or \fISSL_set_client_CA_list()\fR, a new client +\&\s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. +.PP +These functions are only useful for \s-1TLS/SSL\s0 servers. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_client_CA_list()\fR and \fISSL_set_client_CA_list()\fR do not return +diagnostic information. +.PP +\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return +values: +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.Ip "0" 4 +A failure while manipulating the STACK_OF(X509_NAME) object occurred or +the X509_NAME could not be extracted from \fBcacert\fR. Check the error stack +to find out the reason. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: +.PP +.Vb 1 +\& SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile)); +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_get_client_CA_list(3), +SSL_load_client_CA_file(3), +SSL_CTX_load_verify_locations(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 new file mode 100644 index 0000000..91c5b1e --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 @@ -0,0 +1,213 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:19 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_DEFAULT_PASSWD_CB 1" +.TH SSL_CTX_SET_DEFAULT_PASSWD_CB 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); +\& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); +.Ve +.Vb 1 +\& int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_default_passwd_cb()\fR sets the default password callback called +when loading/storing a \s-1PEM\s0 certificate with encryption. +.PP +\&\fISSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to \fBuserdata\fR which +will be provided to the password callback on invocation. +.PP +The \fIpem_passwd_cb()\fR, which must be provided by the application, hands back the +password to be used during decryption. On invocation a pointer to \fBuserdata\fR +is provided. The pem_passwd_cb must write the password into the provided buffer +\&\fBbuf\fR which is of size \fBsize\fR. The actual length of the password must +be returned to the calling function. \fBrwflag\fR indicates whether the +callback is used for reading/decryption (rwflag=0) or writing/encryption +(rwflag=1). +.SH "NOTES" +.IX Header "NOTES" +When loading or storing private keys, a password might be supplied to +protect the private key. The way this password can be supplied may depend +on the application. If only one private key is handled, it can be practical +to have \fIpem_passwd_cb()\fR handle the password dialog interactively. If several +keys have to be handled, it can be practical to ask for the password once, +then keep it in memory and use it several times. In the last case, the +password could be stored into the \fBuserdata\fR storage and the +\&\fIpem_passwd_cb()\fR only returns the password already stored. +.PP +When asking for the password interactively, \fIpem_passwd_cb()\fR can use +\&\fBrwflag\fR to check, whether an item shall be encrypted (rwflag=1). +In this case the password dialog may ask for the same password twice +for comparison in order to catch typos, that would make decryption +impossible. +.PP +Other items in \s-1PEM\s0 formatting (certificates) can also be encrypted, it is +however not usual, as certificate information is considered public. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_default_passwd_cb()\fR and \fISSL_CTX_set_default_passwd_cb_userdata()\fR +do not provide diagnostic information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example returns the password provided as \fBuserdata\fR to the +calling function. The password is considered to be a '\e0' terminated +string. If the password does not fit into the buffer, the password is +truncated. +.PP +.Vb 6 +\& int pem_passwd_cb(char *buf, int size, int rwflag, void *password) +\& { +\& strncpy(buf, (char *)(password), size); +\& buf[size - 1] = '\e0'; +\& return(strlen(buf)); +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_use_certificate(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 new file mode 100644 index 0000000..987ee77 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 @@ -0,0 +1,284 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:19 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_INFO_CALLBACK 1" +.TH SSL_CTX_SET_INFO_CALLBACK 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)()); +\& void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(); +.Ve +.Vb 2 +\& void SSL_set_info_callback(SSL *ssl, void (*callback)()); +\& void (*SSL_get_info_callback(SSL *ssl))(); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \s-1SSL\s0 objects created from \fBctx\fR during connection +setup and use. The setting for \fBctx\fR is overridden from the setting for +a specific \s-1SSL\s0 object, if specified. +When \fBcallback\fR is \s-1NULL\s0, not callback function is used. +.PP +\&\fISSL_set_info_callback()\fR sets the \fBcallback\fR function, that can be used to +obtain state information for \fBssl\fR during connection setup and use. +When \fBcallback\fR is \s-1NULL\s0, the callback setting currently valid for +\&\fBctx\fR is used. +.PP +\&\fISSL_CTX_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBctx\fR. +.PP +\&\fISSL_get_info_callback()\fR returns a pointer to the currently set information +callback function for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When setting up a connection and during use, it is possible to obtain state +information from the \s-1SSL/TLS\s0 engine. When set, an information callback function +is called whenever the state changes, an alert appears, or an error occurs. +.PP +The callback function is called as \fBcallback(\s-1SSL\s0 *ssl, int where, int ret)\fR. +The \fBwhere\fR argument specifies information about where (in which context) +the callback function was called. If \fBret\fR is 0, an error condition occurred. +If an alert is handled, \s-1SSL_CB_ALERT\s0 is set and \fBret\fR specifies the alert +information. +.PP +\&\fBwhere\fR is a bitmask made up of the following bits: +.Ip "\s-1SSL_CB_LOOP\s0" 4 +.IX Item "SSL_CB_LOOP" +Callback has been called to indicate state change inside a loop. +.Ip "\s-1SSL_CB_EXIT\s0" 4 +.IX Item "SSL_CB_EXIT" +Callback has been called to indicate error exit of a handshake function. +(May be soft error with retry option for non-blocking setups.) +.Ip "\s-1SSL_CB_READ\s0" 4 +.IX Item "SSL_CB_READ" +Callback has been called during read operation. +.Ip "\s-1SSL_CB_WRITE\s0" 4 +.IX Item "SSL_CB_WRITE" +Callback has been called during write operation. +.Ip "\s-1SSL_CB_ALERT\s0" 4 +.IX Item "SSL_CB_ALERT" +Callback has been called due to an alert being sent or received. +.Ip "\s-1SSL_CB_READ_ALERT\s0 (SSL_CB_ALERT|SSL_CB_READ)" 4 +.IX Item "SSL_CB_READ_ALERT (SSL_CB_ALERT|SSL_CB_READ)" +.PD 0 +.Ip "\s-1SSL_CB_WRITE_ALERT\s0 (SSL_CB_ALERT|SSL_CB_WRITE)" 4 +.IX Item "SSL_CB_WRITE_ALERT (SSL_CB_ALERT|SSL_CB_WRITE)" +.Ip "\s-1SSL_CB_ACCEPT_LOOP\s0 (SSL_ST_ACCEPT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_ACCEPT_LOOP (SSL_ST_ACCEPT|SSL_CB_LOOP)" +.Ip "\s-1SSL_CB_ACCEPT_EXIT\s0 (SSL_ST_ACCEPT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_ACCEPT_EXIT (SSL_ST_ACCEPT|SSL_CB_EXIT)" +.Ip "\s-1SSL_CB_CONNECT_LOOP\s0 (SSL_ST_CONNECT|SSL_CB_LOOP)" 4 +.IX Item "SSL_CB_CONNECT_LOOP (SSL_ST_CONNECT|SSL_CB_LOOP)" +.Ip "\s-1SSL_CB_CONNECT_EXIT\s0 (SSL_ST_CONNECT|SSL_CB_EXIT)" 4 +.IX Item "SSL_CB_CONNECT_EXIT (SSL_ST_CONNECT|SSL_CB_EXIT)" +.Ip "\s-1SSL_CB_HANDSHAKE_START\s0" 4 +.IX Item "SSL_CB_HANDSHAKE_START" +.PD +Callback has been called because a new handshake is started. +.Ip "\s-1SSL_CB_HANDSHAKE_DONE\s0 0x20" 4 +.IX Item "SSL_CB_HANDSHAKE_DONE 0x20" +Callback has been called because a handshake is finished. +.PP +The current state information can be obtained using the +SSL_state_string(3) family of functions. +.PP +The \fBret\fR information can be evaluated using the +SSL_alert_type_string(3) family of functions. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_info_callback()\fR does not provide diagnostic information. +.PP +\&\fISSL_get_info_callback()\fR returns the current setting. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following example callback function prints state strings, information +about alerts being handled and error messages to the \fBbio_err\fR \s-1BIO\s0. +.PP +.Vb 4 +\& void apps_ssl_info_callback(SSL *s, int where, int ret) +\& { +\& const char *str; +\& int w; +.Ve +.Vb 1 +\& w=where& ~SSL_ST_MASK; +.Ve +.Vb 3 +\& if (w & SSL_ST_CONNECT) str="SSL_connect"; +\& else if (w & SSL_ST_ACCEPT) str="SSL_accept"; +\& else str="undefined"; +.Ve +.Vb 24 +\& if (where & SSL_CB_LOOP) +\& { +\& BIO_printf(bio_err,"%s:%s\en",str,SSL_state_string_long(s)); +\& } +\& else if (where & SSL_CB_ALERT) +\& { +\& str=(where & SSL_CB_READ)?"read":"write"; +\& BIO_printf(bio_err,"SSL3 alert %s:%s:%s\en", +\& str, +\& SSL_alert_type_string_long(ret), +\& SSL_alert_desc_string_long(ret)); +\& } +\& else if (where & SSL_CB_EXIT) +\& { +\& if (ret == 0) +\& BIO_printf(bio_err,"%s:failed in %s\en", +\& str,SSL_state_string_long(s)); +\& else if (ret < 0) +\& { +\& BIO_printf(bio_err,"%s:error in %s\en", +\& str,SSL_state_string_long(s)); +\& } +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_state_string(3), +SSL_alert_type_string(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 new file mode 100644 index 0000000..f48ac39 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_mode.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:59 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_MODE 1" +.TH SSL_CTX_SET_MODE 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_set_mode(SSL_CTX *ctx, long mode); +\& long SSL_set_mode(SSL *ssl, long mode); +.Ve +.Vb 2 +\& long SSL_CTX_get_mode(SSL_CTX *ctx); +\& long SSL_get_mode(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBctx\fR. +Options already set before are not cleared. +.PP +\&\fISSL_set_mode()\fR adds the mode set via bitmask in \fBmode\fR to \fBssl\fR. +Options already set before are not cleared. +.PP +\&\fISSL_CTX_get_mode()\fR returns the mode set for \fBctx\fR. +.PP +\&\fISSL_get_mode()\fR returns the mode set for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The following mode changes are available: +.Ip "\s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0" 4 +.IX Item "SSL_MODE_ENABLE_PARTIAL_WRITE" +Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success +when just a single record has been written). When not set (the default), +\&\fISSL_write()\fR will only report success once the complete chunk was written. +Once \fISSL_write()\fR returns with r, r bytes have been successfully written +and the next call to \fISSL_write()\fR must only send the n-r bytes left, +imitating the behaviour of \fIwrite()\fR. +.Ip "\s-1SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER\s0" 4 +.IX Item "SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER" +Make it possible to retry \fISSL_write()\fR with changed buffer location +(the buffer contents must stay the same). This is not the default to avoid +the misconception that non-blocking \fISSL_write()\fR behaves like +non-blocking \fIwrite()\fR. +.Ip "\s-1SSL_MODE_AUTO_RETRY\s0" 4 +.IX Item "SSL_MODE_AUTO_RETRY" +Never bother the application with retries if the transport is blocking. +If a renegotiation take place during normal operation, a +SSL_read(3) or SSL_write(3) would return +with \-1 and indicate the need to retry with \s-1SSL_ERROR_WANT_READ\s0. +In a non-blocking environment applications must be prepared to handle +incomplete read/write operations. +In a blocking environment, applications are not always prepared to +deal with read/write operations returning without success report. The +flag \s-1SSL_MODE_AUTO_RETRY\s0 will cause read/write operations to only +return after the handshake and successful completion. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_mode()\fR and \fISSL_set_mode()\fR return the new mode bitmask +after adding \fBmode\fR. +.PP +\&\fISSL_CTX_get_mode()\fR and \fISSL_get_mode()\fR return the current bitmask. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_read(3), SSL_write(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1SSL_MODE_AUTO_RETRY\s0 as been added in OpenSSL 0.9.6. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_options.3 b/secure/lib/libcrypto/man/SSL_CTX_set_options.3 new file mode 100644 index 0000000..8c39cd4 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_options.3 @@ -0,0 +1,309 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:23 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_OPTIONS 1" +.TH SSL_CTX_SET_OPTIONS 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_set_options(SSL_CTX *ctx, long options); +\& long SSL_set_options(SSL *ssl, long options); +.Ve +.Vb 2 +\& long SSL_CTX_get_options(SSL_CTX *ctx); +\& long SSL_get_options(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBctx\fR. +Options already set before are not cleared! +.PP +\&\fISSL_set_options()\fR adds the options set via bitmask in \fBoptions\fR to \fBssl\fR. +Options already set before are not cleared! +.PP +\&\fISSL_CTX_get_options()\fR returns the options set for \fBctx\fR. +.PP +\&\fISSL_get_options()\fR returns the options set for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of the \s-1SSL\s0 library can be changed by setting several options. +The options are coded as bitmasks and can be combined by a logical \fBor\fR +operation (|). Options can only be added but can never be reset. +.PP +\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR affect the (external) +protocol behaviour of the \s-1SSL\s0 library. The (internal) behaviour of +the \s-1API\s0 can be changed by using the similar +SSL_CTX_set_modes(3) and \fISSL_set_modes()\fR functions. +.PP +During a handshake, the option settings of the \s-1SSL\s0 object are used. When +a new \s-1SSL\s0 object is created from a context using \fISSL_new()\fR, the current +option setting is copied. Changes to \fBctx\fR do not affect already created +\&\s-1SSL\s0 objects. \fISSL_clear()\fR does not affect the settings. +.PP +The following \fBbug workaround\fR options are available: +.Ip "\s-1SSL_OP_MICROSOFT_SESS_ID_BUG\s0" 4 +.IX Item "SSL_OP_MICROSOFT_SESS_ID_BUG" +www.microsoft.com \- when talking SSLv2, if session-id reuse is +performed, the session-id passed back in the server-finished message +is different from the one decided upon. +.Ip "\s-1SSL_OP_NETSCAPE_CHALLENGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_CHALLENGE_BUG" +Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte +challenge but then appears to only use 16 bytes when generating the +encryption keys. Using 16 bytes is ok but it should be ok to use 32. +According to the SSLv3 spec, one should use 32 bytes for the challenge +when operating in SSLv2/v3 compatibility mode, but as mentioned above, +this breaks this server so 16 bytes is the way to go. +.Ip "\s-1SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" +ssl3.netscape.com:443, first a connection is established with \s-1RC4\-MD5\s0. +If it is then resumed, we end up using \s-1DES-CBC3\-SHA\s0. It should be +\&\s-1RC4\-MD5\s0 according to 7.6.1.3, 'cipher_suite'. +.Sp +Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug. +It only really shows up when connecting via SSLv2/v3 then reconnecting +via SSLv3. The cipher list changes.... +.Sp +\&\s-1NEW\s0 \s-1INFORMATION\s0. Try connecting with a cipher list of just +\&\s-1DES-CBC-SHA:RC4\-MD5\s0. For some weird reason, each new connection uses +\&\s-1RC4\-MD5\s0, but a re-connect tries to use \s-1DES-CBC-SHA\s0. So netscape, when +doing a re-connect, always takes the first cipher in the cipher list. +.Ip "\s-1SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG\s0" 4 +.IX Item "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG" +\&... +.Ip "\s-1SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER\s0" 4 +.IX Item "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER" +\&... +.Ip "\s-1SSL_OP_MSIE_SSLV2_RSA_PADDING\s0" 4 +.IX Item "SSL_OP_MSIE_SSLV2_RSA_PADDING" +\&... +.Ip "\s-1SSL_OP_SSLEAY_080_CLIENT_DH_BUG\s0" 4 +.IX Item "SSL_OP_SSLEAY_080_CLIENT_DH_BUG" +\&... +.Ip "\s-1SSL_OP_TLS_D5_BUG\s0" 4 +.IX Item "SSL_OP_TLS_D5_BUG" +\&... +.Ip "\s-1SSL_OP_TLS_BLOCK_PADDING_BUG\s0" 4 +.IX Item "SSL_OP_TLS_BLOCK_PADDING_BUG" +\&... +.Ip "\s-1SSL_OP_TLS_ROLLBACK_BUG\s0" 4 +.IX Item "SSL_OP_TLS_ROLLBACK_BUG" +Disable version rollback attack detection. +.Sp +During the client key exchange, the client must send the same information +about acceptable \s-1SSL/TLS\s0 protocol levels as during the first hello. Some +clients violate this rule by adapting to the server's answer. (Example: +the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server +only understands up to SSLv3. In this case the client must still use the +same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect +to the server's answer and violate the version rollback protection.) +.Ip "\s-1SSL_OP_ALL\s0" 4 +.IX Item "SSL_OP_ALL" +All of the above bug workarounds. +.PP +It is save and recommended to use \s-1SSL_OP_ALL\s0 to enable the bug workaround +options. +.PP +The following \fBmodifying\fR options are available: +.Ip "\s-1SSL_OP_SINGLE_DH_USE\s0" 4 +.IX Item "SSL_OP_SINGLE_DH_USE" +Always create a new key when using temporary/ephemeral \s-1DH\s0 parameters +(see SSL_CTX_set_tmp_dh_callback(3)). +This option must be used to prevent small subgroup attacks, when +the \s-1DH\s0 parameters were not generated using \*(L"strong\*(R" primes +(e.g. when using DSA-parameters, see dhparam(1)). +If \*(L"strong\*(R" primes were used, it is not strictly necessary to generate +a new \s-1DH\s0 key during each handshake but it is also recommended. +\&\s-1SSL_OP_SINGLE_DH_USE\s0 should therefore be enabled whenever +temporary/ephemeral \s-1DH\s0 parameters are used. +.Ip "\s-1SSL_OP_EPHEMERAL_RSA\s0" 4 +.IX Item "SSL_OP_EPHEMERAL_RSA" +Always use ephemeral (temporary) \s-1RSA\s0 key when doing \s-1RSA\s0 operations +(see SSL_CTX_set_tmp_rsa_callback(3)). +According to the specifications this is only done, when a \s-1RSA\s0 key +can only be used for signature operations (namely under export ciphers +with restricted \s-1RSA\s0 keylength). By setting this option, ephemeral +\&\s-1RSA\s0 keys are always used. This option breaks compatibility with the +\&\s-1SSL/TLS\s0 specifications and may lead to interoperability problems with +clients and should therefore never be used. Ciphers with \s-1EDH\s0 (ephemeral +Diffie-Hellman) key exchange should be used instead. +.Ip "\s-1SSL_OP_PKCS1_CHECK_1\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_1" +\&... +.Ip "\s-1SSL_OP_PKCS1_CHECK_2\s0" 4 +.IX Item "SSL_OP_PKCS1_CHECK_2" +\&... +.Ip "\s-1SSL_OP_NETSCAPE_CA_DN_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_CA_DN_BUG" +If we accept a netscape connection, demand a client cert, have a +non-self-sighed \s-1CA\s0 which does not have it's \s-1CA\s0 in netscape, and the +browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta +.Ip "\s-1SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG\s0" 4 +.IX Item "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG" +\&... +.Ip "SSL_OP_NO_SSLv2" 4 +.IX Item "SSL_OP_NO_SSLv2" +Do not use the SSLv2 protocol. +.Ip "SSL_OP_NO_SSLv3" 4 +.IX Item "SSL_OP_NO_SSLv3" +Do not use the SSLv3 protocol. +.Ip "SSL_OP_NO_TLSv1" 4 +.IX Item "SSL_OP_NO_TLSv1" +Do not use the TLSv1 protocol. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_options()\fR and \fISSL_set_options()\fR return the new options bitmask +after adding \fBoptions\fR. +.PP +\&\fISSL_CTX_get_options()\fR and \fISSL_get_options()\fR return the current bitmask. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3), SSL_clear(3), +SSL_CTX_set_tmp_dh_callback(3), +SSL_CTX_set_tmp_rsa_callback(3), +dhparam(1) +.SH "HISTORY" +.IX Header "HISTORY" +\&\s-1SSL_OP_TLS_ROLLBACK_BUG\s0 has been added in OpenSSL 0.9.6. diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 new file mode 100644 index 0000000..bc094b1 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:22 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_QUIET_SHUTDOWN 1" +.TH SSL_CTX_SET_QUIET_SHUTDOWN 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode); +\& int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx); +.Ve +.Vb 2 +\& void SSL_set_quiet_shutdown(SSL *ssl, int mode); +\& int SSL_get_quiet_shutdown(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBctx\fR to be +\&\fBmode\fR. \s-1SSL\s0 objects created from \fBctx\fR inherit the \fBmode\fR valid at the time +SSL_new(3) is called. \fBmode\fR may be 0 or 1. +.PP +\&\fISSL_CTX_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBctx\fR. +.PP +\&\fISSL_set_quiet_shutdown()\fR sets the \*(L"quiet shutdown\*(R" flag for \fBssl\fR to be +\&\fBmode\fR. The setting stays valid until \fBssl\fR is removed with +SSL_free(3) or \fISSL_set_quiet_shutdown()\fR is called again. +It is not changed when SSL_clear(3) is called. +\&\fBmode\fR may be 0 or 1. +.PP +\&\fISSL_get_quiet_shutdown()\fR returns the \*(L"quiet shutdown\*(R" setting of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Normally when a \s-1SSL\s0 connection is finished, the parties must send out +\&\*(L"close notify\*(R" alert messages using SSL_shutdown(3) +for a clean shutdown. +.PP +When setting the \*(L"quiet shutdown\*(R" flag to 1, SSL_shutdown(3) +will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN. +(SSL_shutdown(3) then behaves like +SSL_set_shutdown(3) called with +SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.) +The session is thus considered to be shutdown, but no \*(L"close notify\*(R" alert +is sent to the peer. This behaviour violates the \s-1TLS\s0 standard. +.PP +The default is normal shutdown behaviour as described by the \s-1TLS\s0 standard. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_quiet_shutdown()\fR and \fISSL_set_quiet_shutdown()\fR do not return +diagnostic information. +.PP +\&\fISSL_CTX_get_quiet_shutdown()\fR and SSL_get_quiet_shutdown return the current +setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_shutdown(3), +SSL_set_shutdown(3), SSL_new(3), +SSL_clear(3), SSL_free(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 new file mode 100644 index 0000000..54abc88 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 @@ -0,0 +1,232 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:27 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_CACHE_MODE 1" +.TH SSL_CTX_SET_SESSION_CACHE_MODE 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode); +\& long SSL_CTX_get_session_cache_mode(SSL_CTX ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_session_cache_mode()\fR enables/disables session caching +by setting the operational mode for \fBctx\fR to <mode>. +.PP +\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently used cache mode. +.SH "NOTES" +.IX Header "NOTES" +The OpenSSL library can store/retrieve \s-1SSL/TLS\s0 sessions for later reuse. +The sessions can be held in memory for each \fBctx\fR, if more than one +\&\s-1SSL_CTX\s0 object is being maintained, the sessions are unique for each \s-1SSL_CTX\s0 +object. +.PP +In order to reuse a session, a client must send the session's id to the +server. It can only send exactly one id. The server then decides whether it +agrees in reusing the session or starts the handshake for a new session. +.PP +A server will lookup up the session in its internal session storage. If +the session is not found in internal storage or internal storage is +deactivated, the server will try the external storage if available. +.PP +Since a client may try to reuse a session intended for use in a different +context, the session id context must be set by the server (see +SSL_CTX_set_session_id_context(3)). +.PP +The following session cache modes and modifiers are available: +.Ip "\s-1SSL_SESS_CACHE_OFF\s0" 4 +.IX Item "SSL_SESS_CACHE_OFF" +No session caching for client or server takes place. +.Ip "\s-1SSL_SESS_CACHE_CLIENT\s0" 4 +.IX Item "SSL_SESS_CACHE_CLIENT" +Client sessions are added to the session cache. As there is no reliable way +for the OpenSSL library to know whether a session should be reused or which +session to choose (due to the abstract \s-1BIO\s0 layer the \s-1SSL\s0 engine does not +have details about the connection), the application must select the session +to be reused by using the SSL_set_session(3) +function. This option is not activated by default. +.Ip "\s-1SSL_SESS_CACHE_SERVER\s0" 4 +.IX Item "SSL_SESS_CACHE_SERVER" +Server sessions are added to the session cache. When a client proposes a +session to be reused, the session is looked up in the internal session cache. +If the session is found, the server will try to reuse the session. +This is the default. +.Ip "\s-1SSL_SESS_CACHE_BOTH\s0" 4 +.IX Item "SSL_SESS_CACHE_BOTH" +Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time. +.Ip "\s-1SSL_SESS_CACHE_NO_AUTO_CLEAR\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_AUTO_CLEAR" +Normally the session cache is checked for expired sessions every +255 connections using the +SSL_CTX_flush_sessions(3) function. Since +this may lead to a delay which cannot be controlled, the automatic +flushing may be disabled and +SSL_CTX_flush_sessions(3) can be called +explicitly by the application. +.Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4 +.IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP" +By setting this flag sessions are cached in the internal storage but +they are not looked up automatically. If an external session cache +is enabled, sessions are looked up in the external cache. As automatic +lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on +clients. +.PP +The default mode is \s-1SSL_SESS_CACHE_SERVER\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_session_cache_mode()\fR returns the previously set cache mode. +.PP +\&\fISSL_CTX_get_session_cache_mode()\fR returns the currently set cache mode. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_set_session(3), +SSL_session_reused(3), +SSL_CTX_sess_number(3), +SSL_CTX_sess_set_cache_size(3), +SSL_CTX_sess_set_get_cb(3), +SSL_CTX_set_session_id_context(3), +SSL_CTX_set_timeout(3), +SSL_CTX_flush_sessions(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 new file mode 100644 index 0000000..94f1dd3 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:30 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_SESSION_ID_CONTEXT 1" +.TH SSL_CTX_SET_SESSION_ID_CONTEXT 1 "perl v5.6.1" "2001-02-18" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only) +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +\& int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, +\& unsigned int sid_ctx_len); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBctx\fR object. +.PP +\&\fISSL_set_session_id_context()\fR sets the context \fBsid_ctx\fR of length +\&\fBsid_ctx_len\fR within which a session can be reused for the \fBssl\fR object. +.SH "NOTES" +.IX Header "NOTES" +Sessions are generated within a certain context. When exporting/importing +sessions with \fBi2d_SSL_SESSION\fR/\fBd2i_SSL_SESSION\fR it would be possible, +to re-import a session generated from another context (e.g. another +application), which might lead to malfunctions. Therefore each application +must set its own session id context \fBsid_ctx\fR which is used to distinguish +the contexts and is stored in exported sessions. The \fBsid_ctx\fR can be +any kind of binary data with a given length, it is therefore possible +to use e.g. the name of the application and/or the hostname and/or service +name ... +.PP +The session id context becomes part of the session. The session id context +is set by the \s-1SSL/TLS\s0 server. The \fISSL_CTX_set_session_id_context()\fR and +\&\fISSL_set_session_id_context()\fR functions are therefore only useful on the +server side. +.PP +OpenSSL clients will check the session id context returned by the server +when reusing a session. +.PP +The maximum length of the \fBsid_ctx\fR is limited to +\&\fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. +.SH "WARNINGS" +.IX Header "WARNINGS" +If the session id context is not set on an \s-1SSL/TLS\s0 server, stored sessions +will not be reused but a fatal error will be flagged and the handshake +will fail. +.PP +If a server returns a different session id context to an OpenSSL client +when reusing a session, an error will be flagged and the handshake will +fail. OpenSSL servers will always return the correct session id context, +as an OpenSSL server checks the session id context itself before reusing +a session as described above. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_session_id_context()\fR and \fISSL_set_session_id_context()\fR +return the following values: +.Ip "0" 4 +The length \fBsid_ctx_len\fR of the session id context \fBsid_ctx\fR exceeded +the maximum allowed length of \fB\s-1SSL_MAX_SSL_SESSION_ID_LENGTH\s0\fR. The error +is logged to the error stack. +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 new file mode 100644 index 0000000..e5b8e72 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 @@ -0,0 +1,189 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:32 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_SSL_VERSION 1" +.TH SSL_CTX_SET_SSL_VERSION 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method +\&\- choose a new \s-1TLS/SSL\s0 method +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *method); +\& int SSL_set_ssl_method(SSL *s, SSL_METHOD *method); +\& SSL_METHOD *SSL_get_ssl_method(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_ssl_version()\fR sets a new default \s-1TLS/SSL\s0 \fBmethod\fR for \s-1SSL\s0 objects +newly created from this \fBctx\fR. \s-1SSL\s0 objects already created with +SSL_new(3) are not affected, except when +SSL_clear(3) is being called. +.PP +\&\fISSL_set_ssl_method()\fR sets a new \s-1TLS/SSL\s0 \fBmethod\fR for a particular \fBssl\fR +object. It may be reset, when \fISSL_clear()\fR is called. +.PP +\&\fISSL_get_ssl_method()\fR returns a function pointer to the \s-1TLS/SSL\s0 method +set in \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The available \fBmethod\fR choices are described in +SSL_CTX_new(3). +.PP +When SSL_clear(3) is called and no session is connected to +an \s-1SSL\s0 object, the method of the \s-1SSL\s0 object is reset to the method currently +set in the corresponding \s-1SSL_CTX\s0 object. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur for \fISSL_CTX_set_ssl_version()\fR +and \fISSL_set_ssl_method()\fR: +.Ip "0" 4 +The new choice failed, check the error stack to find out the reason. +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_CTX_new(3), SSL_new(3), +SSL_clear(3), ssl(3), +SSL_set_connect_state(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 b/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 new file mode 100644 index 0000000..d7be287 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 @@ -0,0 +1,194 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:34 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_TIMEOUT 1" +.TH SSL_CTX_SET_TIMEOUT 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& long SSL_CTX_set_timeout(SSL_CTX *ctx, long t); +\& long SSL_CTX_get_timeout(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_timeout()\fR sets the timeout for newly created sessions for +\&\fBctx\fR to \fBt\fR. The timeout value \fBt\fR must be given in seconds. +.PP +\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value for \fBctx\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is created, it is assigned a maximum lifetime. This +lifetime is specified by storing the creation time of the session and the +timeout value valid at this time. If the actual time is later than creation +time plus timeout, the session is not reused. +.PP +Due to this realization, all sessions behave according to the timeout value +valid at the time of the session negotiation. Changes of the timeout value +do not affect already established sessions. +.PP +The expiration time of a single session can be modified using the +SSL_SESSION_get_time(3) family of functions. +.PP +Expired sessions are removed from the internal session cache, whenever +SSL_CTX_flush_sessions(3) is called, either +directly by the application or automatically (see +SSL_CTX_set_session_cache_mode(3)) +.PP +The default value for session timeout is decided on a per protocol +basis, see SSL_get_default_timeout(3). +All currently supported protocols have the same default timeout value +of 300 seconds. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_timeout()\fR returns the previously set timeout value. +.PP +\&\fISSL_CTX_get_timeout()\fR returns the currently set timeout value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_session_cache_mode(3), +SSL_SESSION_get_time(3), +SSL_CTX_flush_sessions(3), +SSL_get_default_timeout(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 new file mode 100644 index 0000000..5c9d0e7 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 @@ -0,0 +1,312 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:24 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_TMP_DH_CALLBACK 1" +.TH SSL_CTX_SET_TMP_DH_CALLBACK 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); +\& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); +.Ve +.Vb 3 +\& void SSL_set_tmp_dh_callback(SSL_CTX *ctx, +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); +\& long SSL_set_tmp_dh(SSL *ssl, DH *dh) +.Ve +.Vb 1 +\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_tmp_dh_callback()\fR sets the callback function for \fBctx\fR to be +used when a \s-1DH\s0 parameters are required to \fBtmp_dh_callback\fR. +The callback is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fISSL_CTX_set_tmp_dh()\fR sets \s-1DH\s0 parameters to be used to be \fBdh\fR. +The key is inherited by all \fBssl\fR objects created from \fBctx\fR. +.PP +\&\fISSL_set_tmp_dh_callback()\fR sets the callback only for \fBssl\fR. +.PP +\&\fISSL_set_tmp_dh()\fR sets the parameters only for \fBssl\fR. +.PP +These functions apply to \s-1SSL/TLS\s0 servers only. +.SH "NOTES" +.IX Header "NOTES" +When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1DH\s0 key exchange +can take place. Ciphers with \s-1DSA\s0 keys always use ephemeral \s-1DH\s0 keys as well. +In these cases, the session data are negotiated using the +ephemeral/temporary \s-1DH\s0 key and the key supplied and certified +by the certificate chain is only used for signing. +Anonymous ciphers (without a permanent server key) also use ephemeral \s-1DH\s0 keys. +.PP +Using ephemeral \s-1DH\s0 key exchange yields forward secrecy, as the connection +can only be decrypted, when the \s-1DH\s0 key is known. By generating a temporary +\&\s-1DH\s0 key inside the server application that is lost when the application +is left, it becomes impossible for an attacker to decrypt past sessions, +even if he gets hold of the normal (certified) key, as this key was +only used for signing. +.PP +In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group +(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate a new +\&\s-1DH\s0 key during the negotiation, when the \s-1DH\s0 parameters are supplied via +callback and/or when the \s-1SSL_OP_SINGLE_DH_USE\s0 option of +SSL_CTX_set_options(3) is set. It will +immediately create a \s-1DH\s0 key, when \s-1DH\s0 parameters are supplied via +\&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. In this case, +it may happen that a key is generated on initialization without later +being needed, while on the other hand the computer time during the +negotiation is being saved. +.PP +If \*(L"strong\*(R" primes were used to generate the \s-1DH\s0 parameters, it is not strictly +necessary to generate a new key for each handshake but it does improve forward +secrecy. If it is not assured, that \*(L"strong\*(R" primes were used (see especially +the section about \s-1DSA\s0 parameters below), \s-1SSL_OP_SINGLE_DH_USE\s0 must be used +in order to prevent small subgroup attacks. Always using \s-1SSL_OP_SINGLE_DH_USE\s0 +has an impact on the computer time needed during negotiation, but it is not +very large, so application authors/users should consider to always enable +this option. +.PP +As generating \s-1DH\s0 parameters is extremely time consuming, an application +should not generate the parameters on the fly but supply the parameters. +\&\s-1DH\s0 parameters can be reused, as the actual key is newly generated during +the negotiation. The risk in reusing \s-1DH\s0 parameters is that an attacker +may specialize on a very often used \s-1DH\s0 group. Applications should therefore +generate their own \s-1DH\s0 parameters during the installation process using the +openssl dhparam(1) application. In order to reduce the computer +time needed for this generation, it is possible to use \s-1DSA\s0 parameters +instead (see dhparam(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0 +is mandatory. +.PP +Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem, +dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current +version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, +which use safe primes and were generated verifiably pseudo-randomly. +These files can be converted into C code using the \fB\-C\fR option of the +dhparam(1) application. +Authors may also generate their own set of parameters using +dhparam(1), but a user may not be sure how the parameters were +generated. The generation of \s-1DH\s0 parameters during installation is therefore +recommended. +.PP +An application may either directly specify the \s-1DH\s0 parameters or +can supply the \s-1DH\s0 parameters via a callback function. The callback approach +has the advantage, that the callback may supply \s-1DH\s0 parameters for different +key lengths. +.PP +The \fBtmp_dh_callback\fR is called with the \fBkeylength\fR needed and +the \fBis_export\fR information. The \fBis_export\fR flag is set, when the +ephemeral \s-1DH\s0 key exchange is performed with an export cipher. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Handle \s-1DH\s0 parameters for key lengths of 512 and 1024 bits. (Error handling +partly left out.) +.PP +.Vb 5 +\& ... +\& /* Set up ephemeral DH stuff */ +\& DH *dh_512 = NULL; +\& DH *dh_1024 = NULL; +\& FILE *paramfile; +.Ve +.Vb 14 +\& ... +\& /* "openssl dhparam -out dh_param_512.pem -2 512" */ +\& paramfile = fopen("dh_param_512.pem", "r"); +\& if (paramfile) { +\& dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); +\& fclose(paramfile); +\& } +\& /* "openssl dhparam -out dh_param_1024.pem -2 1024" */ +\& paramfile = fopen("dh_param_1024.pem", "r"); +\& if (paramfile) { +\& dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); +\& fclose(paramfile); +\& } +\& ... +.Ve +.Vb 3 +\& /* "openssl dhparam -C -2 512" etc... */ +\& DH *get_dh512() { ... } +\& DH *get_dh1024() { ... } +.Ve +.Vb 3 +\& DH *tmp_dh_callback(SSL *s, int is_export, int keylength) +\& { +\& DH *dh_tmp=NULL; +.Ve +.Vb 17 +\& switch (keylength) { +\& case 512: +\& if (!dh_512) +\& dh_512 = get_dh512(); +\& dh_tmp = dh_512; +\& break; +\& case 1024: +\& if (!dh_1024) +\& dh_1024 = get_dh1024(); +\& dh_tmp = dh_1024; +\& break; +\& default: +\& /* Generating a key on the fly is very costly, so use what is there */ +\& setup_dh_parameters_like_above(); +\& } +\& return(dh_tmp); +\& } +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_tmp_dh_callback()\fR and \fISSL_set_tmp_dh_callback()\fR do not return +diagnostic output. +.PP +\&\fISSL_CTX_set_tmp_dh()\fR and \fISSL_set_tmp_dh()\fR do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_cipher_list(3), +SSL_CTX_set_tmp_rsa_callback(3), +SSL_CTX_set_options(3), +ciphers(1), dhparam(1) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3 new file mode 100644 index 0000000..655f488 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -0,0 +1,309 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:26 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_TMP_RSA_CALLBACK 1" +.TH SSL_CTX_SET_TMP_RSA_CALLBACK 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, +\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); +\& long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa); +\& long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx); +.Ve +.Vb 4 +\& void SSL_set_tmp_rsa_callback(SSL_CTX *ctx, +\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); +\& long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa) +\& long SSL_need_tmp_rsa(SSL *ssl) +.Ve +.Vb 1 +\& RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_tmp_rsa_callback()\fR sets the callback function for \fBctx\fR to be +used when a temporary/ephemeral \s-1RSA\s0 key is required to \fBtmp_rsa_callback\fR. +The callback is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR +with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected. +.PP +\&\fISSL_CTX_set_tmp_rsa()\fR sets the temporary/ephemeral \s-1RSA\s0 key to be used to be +\&\fBrsa\fR. The key is inherited by all \s-1SSL\s0 objects newly created from \fBctx\fR +with <\fISSL_new\fR\|(3)|\fISSL_new\fR\|(3)>. Already created \s-1SSL\s0 objects are not affected. +.PP +\&\fISSL_CTX_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed +for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key +with a keysize larger than 512 bits is installed. +.PP +\&\fISSL_set_tmp_rsa_callback()\fR sets the callback only for \fBssl\fR. +.PP +\&\fISSL_set_tmp_rsa()\fR sets the key only for \fBssl\fR. +.PP +\&\fISSL_need_tmp_rsa()\fR returns 1, if a temporary/ephemeral \s-1RSA\s0 key is needed, +for RSA-based strength-limited 'exportable' ciphersuites because a \s-1RSA\s0 key +with a keysize larger than 512 bits is installed. +.PP +These functions apply to \s-1SSL/TLS\s0 servers only. +.SH "NOTES" +.IX Header "NOTES" +When using a cipher with \s-1RSA\s0 authentication, an ephemeral \s-1RSA\s0 key exchange +can take place. In this case the session data are negotiated using the +ephemeral/temporary \s-1RSA\s0 key and the \s-1RSA\s0 key supplied and certified +by the certificate chain is only used for signing. +.PP +Under previous export restrictions, ciphers with \s-1RSA\s0 keys shorter (512 bits) +than the usual key length of 1024 bits were created. To use these ciphers +with \s-1RSA\s0 keys of usual length, an ephemeral key exchange must be performed, +as the normal (certified) key cannot be directly used. +.PP +Using ephemeral \s-1RSA\s0 key exchange yields forward secrecy, as the connection +can only be decrypted, when the \s-1RSA\s0 key is known. By generating a temporary +\&\s-1RSA\s0 key inside the server application that is lost when the application +is left, it becomes impossible for an attacker to decrypt past sessions, +even if he gets hold of the normal (certified) \s-1RSA\s0 key, as this key was +used for signing only. The downside is that creating a \s-1RSA\s0 key is +computationally expensive. +.PP +Additionally, the use of ephemeral \s-1RSA\s0 key exchange is only allowed in +the \s-1TLS\s0 standard, when the \s-1RSA\s0 key can be used for signing only, that is +for export ciphers. Using ephemeral \s-1RSA\s0 key exchange for other purposes +violates the standard and can break interoperability with clients. +It is therefore strongly recommended to not use ephemeral \s-1RSA\s0 key +exchange and use \s-1EDH\s0 (Ephemeral Diffie-Hellman) key exchange instead +in order to achieve forward secrecy (see +SSL_CTX_set_tmp_dh_callback(3)). +.PP +On OpenSSL servers ephemeral \s-1RSA\s0 key exchange is therefore disabled by default +and must be explicitly enabled using the \s-1SSL_OP_EPHEMERAL_RSA\s0 option of +SSL_CTX_set_options(3), violating the \s-1TLS/SSL\s0 +standard. When ephemeral \s-1RSA\s0 key exchange is required for export ciphers, +it will automatically be used without this option! +.PP +An application may either directly specify the key or can supply the key via +a callback function. The callback approach has the advantage, that the +callback may generate the key only in case it is actually needed. As the +generation of a \s-1RSA\s0 key is however costly, it will lead to a significant +delay in the handshake procedure. Another advantage of the callback function +is that it can supply keys of different size (e.g. for \s-1SSL_OP_EPHEMERAL_RSA\s0 +usage) while the explicit setting of the key is only useful for key size of +512 bits to satisfy the export restricted ciphers and does give away key length +if a longer key would be allowed. +.PP +The \fBtmp_rsa_callback\fR is called with the \fBkeylength\fR needed and +the \fBis_export\fR information. The \fBis_export\fR flag is set, when the +ephemeral \s-1RSA\s0 key exchange is performed with an export cipher. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Generate temporary \s-1RSA\s0 keys to prepare ephemeral \s-1RSA\s0 key exchange. As the +generation of a \s-1RSA\s0 key costs a lot of computer time, they saved for later +reuse. For demonstration purposes, two keys for 512 bits and 1024 bits +respectively are generated. +.PP +.Vb 4 +\& ... +\& /* Set up ephemeral RSA stuff */ +\& RSA *rsa_512 = NULL; +\& RSA *rsa_1024 = NULL; +.Ve +.Vb 3 +\& rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL); +\& if (rsa_512 == NULL) +\& evaluate_error_queue(); +.Ve +.Vb 3 +\& rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL); +\& if (rsa_1024 == NULL) +\& evaluate_error_queue(); +.Ve +.Vb 1 +\& ... +.Ve +.Vb 3 +\& RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength) +\& { +\& RSA *rsa_tmp=NULL; +.Ve +.Vb 24 +\& switch (keylength) { +\& case 512: +\& if (rsa_512) +\& rsa_tmp = rsa_512; +\& else { /* generate on the fly, should not happen in this example */ +\& rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL); +\& rsa_512 = rsa_tmp; /* Remember for later reuse */ +\& } +\& break; +\& case 1024: +\& if (rsa_1024) +\& rsa_tmp=rsa_1024; +\& else +\& should_not_happen_in_this_example(); +\& break; +\& default: +\& /* Generating a key on the fly is very costly, so use what is there */ +\& if (rsa_1024) +\& rsa_tmp=rsa_1024; +\& else +\& rsa_tmp=rsa_512; /* Use at least a shorter key */ +\& } +\& return(rsa_tmp); +\& } +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_tmp_rsa_callback()\fR and \fISSL_set_tmp_rsa_callback()\fR do not return +diagnostic output. +.PP +\&\fISSL_CTX_set_tmp_rsa()\fR and \fISSL_set_tmp_rsa()\fR do return 1 on success and 0 +on failure. Check the error queue to find out the reason of failure. +.PP +\&\fISSL_CTX_need_tmp_rsa()\fR and \fISSL_need_tmp_rsa()\fR return 1 if a temporary +\&\s-1RSA\s0 key is needed and 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_cipher_list(3), +SSL_CTX_set_options(3), +SSL_CTX_set_tmp_dh_callback(3), +SSL_new(3), ciphers(1) diff --git a/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 b/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 new file mode 100644 index 0000000..bc383a5 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_set_verify.3 @@ -0,0 +1,434 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:36 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_SET_VERIFY 1" +.TH SSL_CTX_SET_VERIFY 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 6 +\& void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, +\& int (*verify_callback)(int, X509_STORE_CTX *)); +\& void SSL_set_verify(SSL *s, int mode, +\& int (*verify_callback)(int, X509_STORE_CTX *)); +\& void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); +\& void SSL_set_verify_depth(SSL *s, int depth); +.Ve +.Vb 1 +\& int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_verify()\fR sets the verification flags for \fBctx\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. +.PP +\&\fISSL_set_verify()\fR sets the verification flags for \fBssl\fR to be \fBmode\fR and +specifies the \fBverify_callback\fR function to be used. If no callback function +shall be specified, the \s-1NULL\s0 pointer can be used for \fBverify_callback\fR. In +this case last \fBverify_callback\fR set specifically for this \fBssl\fR remains. If +no special \fBcallback\fR was set before, the default callback for the underlying +\&\fBctx\fR is used, that was valid at the the time \fBssl\fR was created with +SSL_new(3). +.PP +\&\fISSL_CTX_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBctx\fR. (See the \s-1BUGS\s0 section.) +.PP +\&\fISSL_set_verify_depth()\fR sets the maximum \fBdepth\fR for the certificate chain +verification that shall be allowed for \fBssl\fR. (See the \s-1BUGS\s0 section.) +.SH "NOTES" +.IX Header "NOTES" +The verification of certificates can be controlled by a set of logically +or'ed \fBmode\fR flags: +.Ip "\s-1SSL_VERIFY_NONE\s0" 4 +.IX Item "SSL_VERIFY_NONE" +\&\fBServer mode:\fR the server will not send a client certificate request to the +client, so the client will not send a certificate. +.Sp +\&\fBClient mode:\fR if not using an anonymous cipher (by default disabled), the +server will send a certificate which will be checked. The result of the +certificate verification process can be checked after the \s-1TLS/SSL\s0 handshake +using the SSL_get_verify_result(3) function. +The handshake will be continued regardless of the verification result. +.Ip "\s-1SSL_VERIFY_PEER\s0" 4 +.IX Item "SSL_VERIFY_PEER" +\&\fBServer mode:\fR the server sends a client certificate request to the client. +The certificate returned (if any) is checked. If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. +The behaviour can be controlled by the additional +\&\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0 and \s-1SSL_VERIFY_CLIENT_ONCE\s0 flags. +.Sp +\&\fBClient mode:\fR the server certificate is verified. If the verification process +fails, the \s-1TLS/SSL\s0 handshake is +immediately terminated with an alert message containing the reason for +the verification failure. If no server certificate is sent, because an +anonymous cipher is used, \s-1SSL_VERIFY_PEER\s0 is ignored. +.Ip "\s-1SSL_VERIFY_FAIL_IF_NO_PEER_CERT\s0" 4 +.IX Item "SSL_VERIFY_FAIL_IF_NO_PEER_CERT" +\&\fBServer mode:\fR if the client did not return a certificate, the \s-1TLS/SSL\s0 +handshake is immediately terminated with a \*(L"handshake failure\*(R" alert. +This flag must be used together with \s-1SSL_VERIFY_PEER\s0. +.Sp +\&\fBClient mode:\fR ignored +.Ip "\s-1SSL_VERIFY_CLIENT_ONCE\s0" 4 +.IX Item "SSL_VERIFY_CLIENT_ONCE" +\&\fBServer mode:\fR only request a client certificate on the initial \s-1TLS/SSL\s0 +handshake. Do not ask for a client certificate again in case of a +renegotiation. This flag must be used together with \s-1SSL_VERIFY_PEER\s0. +.Sp +\&\fBClient mode:\fR ignored +.PP +Exactly one of the \fBmode\fR flags \s-1SSL_VERIFY_NONE\s0 and \s-1SSL_VERIFY_PEER\s0 must be +set at any time. +.PP +The actual verification procedure is performed either using the built-in +verification procedure or using another application provided verification +function set with +SSL_CTX_set_cert_verify_callback(3). +The following descriptions apply in the case of the built-in procedure. An +application provided procedure also has access to the verify depth information +and the \fIverify_callback()\fR function, but the way this information is used +may be different. +.PP +\&\fISSL_CTX_set_verify_depth()\fR and \fISSL_set_verify_depth()\fR set the limit up +to which depth certificates in a chain are used during the verification +procedure. If the certificate chain is longer than allowed, the certificates +above the limit are ignored. Error messages are generated as if these +certificates would not be present, most likely a +X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued. +The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R", +\&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum +depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9, +allowing for the peer certificate and additional 9 \s-1CA\s0 certificates. +.PP +The \fBverify_callback\fR function is used to control the behaviour when the +\&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and +receives two arguments: \fBpreverify_ok\fR indicates, whether the verification of +the certificate in question was passed (preverify_ok=1) or not +(preverify_ok=0). \fBx509_ctx\fR is a pointer to the complete context used +for the certificate chain verification. +.PP +The certificate chain is checked starting with the deepest nesting level +(the root \s-1CA\s0 certificate) and worked upward to the peer's certificate. +At each level signatures and issuer attributes are checked. Whenever +a verification error is found, the error number is stored in \fBx509_ctx\fR +and \fBverify_callback\fR is called with \fBpreverify_ok\fR=0. By applying +X509_CTX_store_* functions \fBverify_callback\fR can locate the certificate +in question and perform additional steps (see \s-1EXAMPLES\s0). If no error is +found for a certificate, \fBverify_callback\fR is called with \fBpreverify_ok\fR=1 +before advancing to the next level. +.PP +The return value of \fBverify_callback\fR controls the strategy of the further +verification process. If \fBverify_callback\fR returns 0, the verification +process is immediately stopped with \*(L"verification failed\*(R" state. If +\&\s-1SSL_VERIFY_PEER\s0 is set, a verification failure alert is sent to the peer and +the \s-1TLS/SSL\s0 handshake is terminated. If \fBverify_callback\fR returns 1, +the verification process is continued. If \fBverify_callback\fR always returns +1, the \s-1TLS/SSL\s0 handshake will never be terminated because of this application +experiencing a verification failure. The calling process can however +retrieve the error code of the last verification error using +SSL_get_verify_result(3) or by maintaining its +own error storage managed by \fBverify_callback\fR. +.PP +If no \fBverify_callback\fR is specified, the default callback will be used. +Its return value is identical to \fBpreverify_ok\fR, so that any verification +failure will lead to a termination of the \s-1TLS/SSL\s0 handshake with an +alert message, if \s-1SSL_VERIFY_PEER\s0 is set. +.SH "BUGS" +.IX Header "BUGS" +In client mode, it is not checked whether the \s-1SSL_VERIFY_PEER\s0 flag +is set, but whether \s-1SSL_VERIFY_NONE\s0 is not set. This can lead to +unexpected behaviour, if the \s-1SSL_VERIFY_PEER\s0 and \s-1SSL_VERIFY_NONE\s0 are not +used as required (exactly one must be set at any time). +.PP +The certificate verification depth set with SSL[_CTX]\fI_verify_depth()\fR +stops the verification at a certain depth. The error message produced +will be that of an incomplete certificate chain and not +X509_V_ERR_CERT_CHAIN_TOO_LONG as may be expected. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The SSL*_set_verify*() functions do not provide diagnostic information. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The following code sequence realizes an example \fBverify_callback\fR function +that will always continue the \s-1TLS/SSL\s0 handshake regardless of verification +failure, if wished. The callback realizes a verification depth limit with +more informational output. +.PP +All verification errors are printed, informations about the certificate chain +are printed on request. +The example is realized for a server that does allow but not require client +certificates. +.PP +The example makes use of the ex_data technique to store application data +into/retrieve application data from the \s-1SSL\s0 structure +(see SSL_get_ex_new_index(3), +SSL_get_ex_data_X509_STORE_CTX_idx(3)). +.PP +.Vb 15 +\& ... +\& typedef struct { +\& int verbose_mode; +\& int verify_depth; +\& int always_continue; +\& } mydata_t; +\& int mydata_index; +\& ... +\& static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) +\& { +\& char buf[256]; +\& X509 *err_cert; +\& int err, depth; +\& SSL *ssl; +\& mydata_t *mydata; +.Ve +.Vb 3 +\& err_cert = X509_STORE_CTX_get_current_cert(ctx); +\& err = X509_STORE_CTX_get_error(ctx); +\& depth = X509_STORE_CTX_get_error_depth(ctx); +.Ve +.Vb 6 +\& /* +\& * Retrieve the pointer to the SSL of the connection currently treated +\& * and the application specific data stored into the SSL object. +\& */ +\& ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); +\& mydata = SSL_get_ex_data(ssl, mydata_index); +.Ve +.Vb 1 +\& X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); +.Ve +.Vb 22 +\& /* +\& * Catch a too long certificate chain. The depth limit set using +\& * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so +\& * that whenever the "depth>verify_depth" condition is met, we +\& * have violated the limit and want to log this error condition. +\& * We must do it here, because the CHAIN_TOO_LONG error would not +\& * be found explicitly; only errors introduced by cutting off the +\& * additional certificates would be logged. +\& */ +\& if (depth > mydata->verify_depth) { +\& preverify_ok = 0; +\& err = X509_V_ERR_CERT_CHAIN_TOO_LONG; +\& X509_STORE_CTX_set_error(ctx, err); +\& } +\& if (!preverify_ok) { +\& printf("verify error:num=%d:%s:depth=%d:%s\en", err, +\& X509_verify_cert_error_string(err), depth, buf); +\& } +\& else if (mydata->verbose_mode) +\& { +\& printf("depth=%d:%s\en", depth, buf); +\& } +.Ve +.Vb 9 +\& /* +\& * At this point, err contains the last verification error. We can use +\& * it for something special +\& */ +\& if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT) +\& { +\& X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256); +\& printf("issuer= %s\en", buf); +\& } +.Ve +.Vb 6 +\& if (mydata->always_continue) +\& return 1; +\& else +\& return preverify_ok; +\& } +\& ... +.Ve +.Vb 1 +\& mydata_t mydata; +.Ve +.Vb 2 +\& ... +\& mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); +.Ve +.Vb 3 +\& ... +\& SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, +\& verify_callback); +.Ve +.Vb 5 +\& /* +\& * Let the verify_callback catch the verify_depth error so that we get +\& * an appropriate error in the logfile. +\& */ +\& SSL_CTX_set_verify_depth(verify_depth + 1); +.Ve +.Vb 6 +\& /* +\& * Set up the SSL specific data into "mydata" and store it into th SSL +\& * structure. +\& */ +\& mydata.verify_depth = verify_depth; ... +\& SSL_set_ex_data(ssl, mydata_index, &mydata); +.Ve +.Vb 9 +\& ... +\& SSL_accept(ssl); /* check of success left out for clarity */ +\& if (peer = SSL_get_peer_certificate(ssl)) +\& { +\& if (SSL_get_verify_result(ssl) == X509_V_OK) +\& { +\& /* The client sent a certificate which verified OK */ +\& } +\& } +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3), +SSL_CTX_get_verify_mode(3), +SSL_get_verify_result(3), +SSL_CTX_load_verify_locations(3), +SSL_get_peer_certificate(3), +SSL_CTX_set_cert_verify_callback(3), +SSL_get_ex_data_X509_STORE_CTX_idx(3), +SSL_get_ex_new_index(3) diff --git a/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 b/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 new file mode 100644 index 0000000..a63e81b --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 @@ -0,0 +1,292 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:39 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CTX_USE_CERTIFICATE 1" +.TH SSL_CTX_USE_CERTIFICATE 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 6 +\& int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); +\& int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); +\& int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_certificate(SSL *ssl, X509 *x); +\& int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); +\& int SSL_use_certificate_file(SSL *ssl, const char *file, int type); +.Ve +.Vb 1 +\& int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +.Ve +.Vb 13 +\& int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); +\& int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, +\& long len); +\& int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); +\& int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); +\& int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); +\& int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); +\& int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len); +\& int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); +\& int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); +\& int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); +\& int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); +.Ve +.Vb 2 +\& int SSL_CTX_check_private_key(SSL_CTX *ctx); +\& int SSL_check_private_key(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions load the certificates and private keys into the \s-1SSL_CTX\s0 +or \s-1SSL\s0 object, respectively. +.PP +The SSL_CTX_* class of functions loads the certificates and keys into the +\&\s-1SSL_CTX\s0 object \fBctx\fR. The information is passed to \s-1SSL\s0 objects \fBssl\fR +created from \fBctx\fR with SSL_new(3) by copying, so that +changes applied to \fBctx\fR do not propagate to already existing \s-1SSL\s0 objects. +.PP +The SSL_* class of functions only loads certificates and keys into a +specific \s-1SSL\s0 object. The specific information is kept, when +SSL_clear(3) is called for this \s-1SSL\s0 object. +.PP +\&\fISSL_CTX_use_certificate()\fR loads the certificate \fBx\fR into \fBctx\fR, +\&\fISSL_use_certificate()\fR loads \fBx\fR into \fBssl\fR. The rest of the +certificates needed to form the complete certificate chain can be +specified using the +SSL_CTX_add_extra_chain_cert(3) +function. +.PP +\&\fISSL_CTX_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate from +the memory location \fBd\fR (with length \fBlen\fR) into \fBctx\fR, +\&\fISSL_use_certificate_ASN1()\fR loads the \s-1ASN1\s0 encoded certificate into \fBssl\fR. +.PP +\&\fISSL_CTX_use_certificate_file()\fR loads the first certificate stored in \fBfile\fR +into \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified +from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. +\&\fISSL_use_certificate_file()\fR loads the certificate from \fBfile\fR into \fBssl\fR. +See the \s-1NOTES\s0 section on why \fISSL_CTX_use_certificate_chain_file()\fR +should be preferred. +.PP +\&\fISSL_CTX_use_certificate_chain_file()\fR loads a certificate chain from +\&\fBfile\fR into \fBctx\fR. The certificates must be in \s-1PEM\s0 format and must +be sorted starting with the certificate to the highest level (root \s-1CA\s0). +There is no corresponding function working on a single \s-1SSL\s0 object. +.PP +\&\fISSL_CTX_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBctx\fR. +\&\fISSL_CTX_use_RSAPrivateKey()\fR adds the private key \fBrsa\fR of type \s-1RSA\s0 +to \fBctx\fR. \fISSL_use_PrivateKey()\fR adds \fBpkey\fR as private key to \fBssl\fR; +\&\fISSL_use_RSAPrivateKey()\fR adds \fBrsa\fR as private key of type \s-1RSA\s0 to \fBssl\fR. +.PP +\&\fISSL_CTX_use_PrivateKey_ASN1()\fR adds the private key of type \fBpk\fR +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fISSL_CTX_use_RSAPrivateKey_ASN1()\fR adds the private key of type \s-1RSA\s0 +stored at memory location \fBd\fR (length \fBlen\fR) to \fBctx\fR. +\&\fISSL_use_PrivateKey_ASN1()\fR and \fISSL_use_RSAPrivateKey_ASN1()\fR add the private +key to \fBssl\fR. +.PP +\&\fISSL_CTX_use_PrivateKey_file()\fR adds the first private key found in +\&\fBfile\fR to \fBctx\fR. The formatting \fBtype\fR of the certificate must be specified +from the known types \s-1SSL_FILETYPE_PEM\s0, \s-1SSL_FILETYPE_ASN1\s0. +\&\fISSL_CTX_use_RSAPrivateKey_file()\fR adds the first private \s-1RSA\s0 key found in +\&\fBfile\fR to \fBctx\fR. \fISSL_use_PrivateKey_file()\fR adds the first private key found +in \fBfile\fR to \fBssl\fR; \fISSL_use_RSAPrivateKey_file()\fR adds the first private +\&\s-1RSA\s0 key found to \fBssl\fR. +.PP +\&\fISSL_CTX_check_private_key()\fR checks the consistency of a private key with +the corresponding certificate loaded into \fBctx\fR. If more than one +key/certificate pair (\s-1RSA/DSA\s0) is installed, the last item installed will +be checked. If e.g. the last item was a \s-1RSA\s0 certificate or key, the \s-1RSA\s0 +key/certificate pair will be checked. \fISSL_check_private_key()\fR performs +the same check for \fBssl\fR. If no key/certificate was explicitly added for +this \fBssl\fR, the last item added into \fBctx\fR will be checked. +.SH "NOTES" +.IX Header "NOTES" +The internal certificate store of OpenSSL can hold two private key/certificate +pairs at a time: one key/certificate of type \s-1RSA\s0 and one key/certificate +of type \s-1DSA\s0. The certificate used depends on the cipher select, see +also SSL_CTX_set_cipher_list(3). +.PP +When reading certificates and private keys from file, files of type +\&\s-1SSL_FILETYPE_ASN1\s0 (also known as \fB\s-1DER\s0\fR, binary encoding) can only contain +one certificate or private key, consequently +\&\fISSL_CTX_use_certificate_chain_file()\fR is only applicable to \s-1PEM\s0 formatting. +Files of type \s-1SSL_FILETYPE_PEM\s0 can contain more than one item. +.PP +\&\fISSL_CTX_use_certificate_chain_file()\fR adds the first certificate found +in the file to the certificate store. The other certificates are added +to the store of chain certificates using +SSL_CTX_add_extra_chain_cert(3). +There exists only one extra chain store, so that the same chain is appended +to both types of certificates, \s-1RSA\s0 and \s-1DSA\s0! If it is not intended to use +both type of certificate at the same time, it is recommended to use the +\&\fISSL_CTX_use_certificate_chain_file()\fR instead of the +\&\fISSL_CTX_use_certificate_file()\fR function in order to allow the use of +complete certificate chains even when no trusted \s-1CA\s0 storage is used or +when the \s-1CA\s0 issuing the certificate shall not be added to the trusted +\&\s-1CA\s0 storage. +.PP +If additional certificates are needed to complete the chain during the +\&\s-1TLS\s0 negotiation, \s-1CA\s0 certificates are additionally looked up in the +locations of trusted \s-1CA\s0 certificates, see +SSL_CTX_load_verify_locations(3). +.PP +The private keys loaded from file can be encrypted. In order to successfully +load encrypted keys, a function returning the passphrase must have been +supplied, see +SSL_CTX_set_default_passwd_cb(3). +(Certificate files might be encrypted as well from the technical point +of view, it however does not make sense as the data in the certificate +is considered public anyway.) +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +On success, the functions return 1. +Otherwise check out the error stack to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3), SSL_clear(3), +SSL_CTX_load_verify_locations(3), +SSL_CTX_set_default_passwd_cb(3), +SSL_CTX_set_cipher_list(3), +SSL_CTX_add_extra_chain_cert(3) diff --git a/secure/lib/libcrypto/man/SSL_SESSION_free.3 b/secure/lib/libcrypto/man/SSL_SESSION_free.3 new file mode 100644 index 0000000..d6b46a0 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_SESSION_free.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:42 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SESSION_FREE 1" +.TH SSL_SESSION_FREE 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_SESSION_free(SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_free()\fR decrements the reference count of \fBsession\fR and removes +the \fB\s-1SSL_SESSION\s0\fR structure pointed to by \fBsession\fR and frees up the allocated +memory, if the the reference count has reached 0. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects are allocated, when a \s-1TLS/SSL\s0 handshake operation +is successfully completed. Depending on the settings, see +SSL_CTX_set_session_cache_mode(3), +the \s-1SSL_SESSION\s0 objects are internally referenced by the \s-1SSL_CTX\s0 and +linked into its session cache. \s-1SSL\s0 objects may be using the \s-1SSL_SESSION\s0 object; +as a session may be reused, several \s-1SSL\s0 objects may be using one \s-1SSL_SESSION\s0 +object at the same time. It is therefore crucial to keep the reference +count (usage information) correct and not delete a \s-1SSL_SESSION\s0 object +that is still used, as this may lead to program failures due to +dangling pointers. These failures may also appear delayed, e.g. +when an \s-1SSL_SESSION\s0 object was completely freed as the reference count +incorrectly became 0, but it is still referenced in the internal +session cache and the cache list is processed during a +SSL_CTX_flush_sessions(3) operation. +.PP +\&\fISSL_SESSION_free()\fR must only be called for \s-1SSL_SESSION\s0 objects, for +which the reference count was explicitly incremented (e.g. +by calling \fISSL_get1_session()\fR, see SSL_get_session(3)) +or when the \s-1SSL_SESSION\s0 object was generated outside a \s-1TLS\s0 handshake +operation, e.g. by using d2i_SSL_SESSION(3). +It must not be called on other \s-1SSL_SESSION\s0 objects, as this would cause +incorrect reference counts and therefore program failures. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_free()\fR does not provide diagnostic information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_session(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_flush_sessions(3), + d2i_SSL_SESSION(3) diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3 new file mode 100644 index 0000000..91c0cab --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:44 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SESSION_GET_EX_NEW_INDEX 1" +.TH SSL_SESSION_GET_EX_NEW_INDEX 1 "perl v5.6.1" "2001-07-19" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& int SSL_SESSION_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +.Ve +.Vb 1 +\& int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg); +.Ve +.Vb 1 +\& void *SSL_SESSION_get_ex_data(SSL_SESSION *session, int idx); +.Ve +.Vb 6 +\& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, +\& int idx, long argl, void *argp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several OpenSSL structures can have application specific data attached to them. +These functions are used internally by OpenSSL to manipulate application +specific data attached to a specific structure. +.PP +\&\fISSL_SESSION_get_ex_new_index()\fR is used to register a new index for application +specific data. +.PP +\&\fISSL_SESSION_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR +into the \fBsession\fR object. +.PP +\&\fISSL_SESSION_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from +\&\fBsession\fR. +.PP +A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality +can be found in RSA_get_ex_new_index(3). +The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in +CRYPTO_set_ex_data(3). +.SH "WARNINGS" +.IX Header "WARNINGS" +The application data is only maintained for sessions held in memory. The +application data is not included when dumping the session with +\&\fIi2d_SSL_SESSION()\fR (and all functions indirectly calling the dump functions +like \fIPEM_write_SSL_SESSION()\fR and \fIPEM_write_bio_SSL_SESSION()\fR) and can +therefore not be restored. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +RSA_get_ex_new_index(3), +CRYPTO_set_ex_data(3) diff --git a/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 b/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 new file mode 100644 index 0000000..ae1a543 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_SESSION_get_time.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:46 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SESSION_GET_TIME 1" +.TH SSL_SESSION_GET_TIME 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& long SSL_SESSION_get_time(SSL_SESSION *s); +\& long SSL_SESSION_set_time(SSL_SESSION *s, long tm); +\& long SSL_SESSION_get_timeout(SSL_SESSION *s); +\& long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm); +.Ve +.Vb 4 +\& long SSL_get_time(SSL_SESSION *s); +\& long SSL_set_time(SSL_SESSION *s, long tm); +\& long SSL_get_timeout(SSL_SESSION *s); +\& long SSL_set_timeout(SSL_SESSION *s, long tm); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_SESSION_get_time()\fR returns the time at which the session \fBs\fR was +established. The time is given in seconds since the Epoch and therefore +compatible to the time delivered by the \fItime()\fR call. +.PP +\&\fISSL_SESSION_set_time()\fR replaces the creation time of the session \fBs\fR with +the chosen value \fBtm\fR. +.PP +\&\fISSL_SESSION_get_timeout()\fR returns the timeout value set for session \fBs\fR +in seconds. +.PP +\&\fISSL_SESSION_set_timeout()\fR sets the timeout value for session \fBs\fR in seconds +to \fBtm\fR. +.PP +The \fISSL_get_time()\fR, \fISSL_set_time()\fR, \fISSL_get_timeout()\fR, and \fISSL_set_timeout()\fR +functions are synonyms for the SSL_SESSION_*() counterparts. +.SH "NOTES" +.IX Header "NOTES" +Sessions are expired by examining the creation time and the timeout value. +Both are set at creation time of the session to the actual time and the +default timeout value at creation, respectively, as set by +SSL_CTX_set_timeout(3). +Using these functions it is possible to extend or shorten the lifetime +of the session. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_SESSION_get_time()\fR and \fISSL_SESSION_get_timeout()\fR return the currently +valid values. +.PP +\&\fISSL_SESSION_set_time()\fR and \fISSL_SESSION_set_timeout()\fR return 1 on success. +.PP +If any of the function is passed the \s-1NULL\s0 pointer for the session \fBs\fR, +0 is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_timeout(3), +SSL_get_default_timeout(3) diff --git a/secure/lib/libcrypto/man/SSL_accept.3 b/secure/lib/libcrypto/man/SSL_accept.3 new file mode 100644 index 0000000..57b2b56 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_accept.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:48 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_ACCEPT 1" +.TH SSL_ACCEPT 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_accept(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_accept()\fR waits for a \s-1TLS/SSL\s0 client to initiate the \s-1TLS/SSL\s0 handshake. +The communication channel must already have been set and assigned to the +\&\fBssl\fR by setting an underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fISSL_accept()\fR depends on the underlying \s-1BIO\s0. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_accept()\fR will only return once the +handshake has been finished or an error occurred, except for \s-1SGC\s0 (Server +Gated Cryptography). For \s-1SGC\s0, \fISSL_accept()\fR may return with \-1, but +\&\fISSL_get_error()\fR will yield \fB\s-1SSL_ERROR_WANT_READ/WRITE\s0\fR and \fISSL_accept()\fR +should be called again. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_accept()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_accept()\fR +to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_accept()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_accept()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.Ip "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.Ip "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_error(3), SSL_connect(3), +SSL_shutdown(3), ssl(3), bio(3), +SSL_set_connect_state(3), +SSL_CTX_new(3) diff --git a/secure/lib/libcrypto/man/SSL_alert_type_string.3 b/secure/lib/libcrypto/man/SSL_alert_type_string.3 new file mode 100644 index 0000000..fffdde2 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_alert_type_string.3 @@ -0,0 +1,360 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:08 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_ALERT_TYPE_STRING 1" +.TH SSL_ALERT_TYPE_STRING 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& char *SSL_alert_type_string(int value); +\& char *SSL_alert_type_string_long(int value); +.Ve +.Vb 2 +\& char *SSL_alert_desc_string(int value); +\& char *SSL_alert_desc_string_long(int value); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_alert_type_string()\fR returns a one letter string indicating the +type of the alert specified by \fBvalue\fR. +.PP +\&\fISSL_alert_type_string_long()\fR returns a string indicating the type of the alert +specified by \fBvalue\fR. +.PP +\&\fISSL_alert_desc_string()\fR returns a two letter string as a short form +describing the reason of the alert specified by \fBvalue\fR. +.PP +\&\fISSL_alert_desc_string_long()\fR returns a string describing the reason +of the alert specified by \fBvalue\fR. +.SH "NOTES" +.IX Header "NOTES" +When one side of an \s-1SSL/TLS\s0 communication wants to inform the peer about +a special situation, it sends an alert. The alert is sent as a special message +and does not influence the normal data stream (unless its contents results +in the communication being canceled). +.PP +A warning alert is sent, when a non-fatal error condition occurs. The +\&\*(L"close notify\*(R" alert is sent as a warning alert. Other examples for +non-fatal errors are certificate errors (\*(L"certificate expired\*(R", +\&\*(L"unsupported certificate\*(R"), for which a warning alert may be sent. +(The sending party may however decide to send a fatal error.) The +receiving side may cancel the connection on reception of a warning +alert on it discretion. +.PP +Several alert messages must be sent as fatal alert messages as specified +by the \s-1TLS\s0 \s-1RFC\s0. A fatal alert always leads to a connection abort. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following strings can occur for \fISSL_alert_type_string()\fR or +\&\fISSL_alert_type_string_long()\fR: +.if n .Ip """""W""""/""""warning""""" 4 +.el .Ip "``W''/``warning''" 4 +.IX Item ""W/warning" +.PD 0 +.if n .Ip """""F""""/""""fatal""""" 4 +.el .Ip "``F''/``fatal''" 4 +.IX Item ""F/fatal" +.if n .Ip """""U""""/""""unknown""""" 4 +.el .Ip "``U''/``unknown''" 4 +.IX Item ""U/unknown" +.PD +This indicates that no support is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.PP +The following strings can occur for \fISSL_alert_desc_string()\fR or +\&\fISSL_alert_desc_string_long()\fR: +.if n .Ip """""\s-1CN\s0""""/""""close notify""""" 4 +.el .Ip "``\s-1CN\s0''/``close notify''" 4 +.IX Item ""CN/close notify" +The connection shall be closed. This is a warning alert. +.if n .Ip """""\s-1UM\s0""""/""""unexpected message""""" 4 +.el .Ip "``\s-1UM\s0''/``unexpected message''" 4 +.IX Item ""UM/unexpected message" +An inappropriate message was received. This alert is always fatal +and should never be observed in communication between proper +implementations. +.if n .Ip """""\s-1BM\s0""""/""""bad record mac""""" 4 +.el .Ip "``\s-1BM\s0''/``bad record mac''" 4 +.IX Item ""BM/bad record mac" +This alert is returned if a record is received with an incorrect +\&\s-1MAC\s0. This message is always fatal. +.if n .Ip """""\s-1DF\s0""""/""""decompression failure""""" 4 +.el .Ip "``\s-1DF\s0''/``decompression failure''" 4 +.IX Item ""DF/decompression failure" +The decompression function received improper input (e.g. data +that would expand to excessive length). This message is always +fatal. +.if n .Ip """""\s-1HF\s0""""/""""handshake failure""""" 4 +.el .Ip "``\s-1HF\s0''/``handshake failure''" 4 +.IX Item ""HF/handshake failure" +Reception of a handshake_failure alert message indicates that the +sender was unable to negotiate an acceptable set of security +parameters given the options available. This is a fatal error. +.if n .Ip """""\s-1NC\s0""""/""""no certificate""""" 4 +.el .Ip "``\s-1NC\s0''/``no certificate''" 4 +.IX Item ""NC/no certificate" +A client, that was asked to send a certificate, does not send a certificate +(SSLv3 only). +.if n .Ip """""\s-1BC\s0""""/""""bad certificate""""" 4 +.el .Ip "``\s-1BC\s0''/``bad certificate''" 4 +.IX Item ""BC/bad certificate" +A certificate was corrupt, contained signatures that did not +verify correctly, etc +.if n .Ip """""\s-1UC\s0""""/""""unsupported certificate""""" 4 +.el .Ip "``\s-1UC\s0''/``unsupported certificate''" 4 +.IX Item ""UC/unsupported certificate" +A certificate was of an unsupported type. +.if n .Ip """""\s-1CR\s0""""/""""certificate revoked""""" 4 +.el .Ip "``\s-1CR\s0''/``certificate revoked''" 4 +.IX Item ""CR/certificate revoked" +A certificate was revoked by its signer. +.if n .Ip """""\s-1CE\s0""""/""""certificate expired""""" 4 +.el .Ip "``\s-1CE\s0''/``certificate expired''" 4 +.IX Item ""CE/certificate expired" +A certificate has expired or is not currently valid. +.if n .Ip """""\s-1CU\s0""""/""""certificate unknown""""" 4 +.el .Ip "``\s-1CU\s0''/``certificate unknown''" 4 +.IX Item ""CU/certificate unknown" +Some other (unspecified) issue arose in processing the +certificate, rendering it unacceptable. +.if n .Ip """""\s-1IP\s0""""/""""illegal parameter""""" 4 +.el .Ip "``\s-1IP\s0''/``illegal parameter''" 4 +.IX Item ""IP/illegal parameter" +A field in the handshake was out of range or inconsistent with +other fields. This is always fatal. +.if n .Ip """""\s-1DC\s0""""/""""decryption failed""""" 4 +.el .Ip "``\s-1DC\s0''/``decryption failed''" 4 +.IX Item ""DC/decryption failed" +A TLSCiphertext decrypted in an invalid way: either it wasn't an +even multiple of the block length or its padding values, when +checked, weren't correct. This message is always fatal. +.if n .Ip """""\s-1RO\s0""""/""""record overflow""""" 4 +.el .Ip "``\s-1RO\s0''/``record overflow''" 4 +.IX Item ""RO/record overflow" +A TLSCiphertext record was received which had a length more than +2^14+2048 bytes, or a record decrypted to a TLSCompressed record +with more than 2^14+1024 bytes. This message is always fatal. +.if n .Ip """""\s-1CA\s0""""/""""unknown \s-1CA\s0""""" 4 +.el .Ip "``\s-1CA\s0''/``unknown \s-1CA\s0''" 4 +.IX Item ""CA/unknown CA" +A valid certificate chain or partial chain was received, but the +certificate was not accepted because the \s-1CA\s0 certificate could not +be located or couldn't be matched with a known, trusted \s-1CA\s0. This +message is always fatal. +.if n .Ip """""\s-1AD\s0""""/""""access denied""""" 4 +.el .Ip "``\s-1AD\s0''/``access denied''" 4 +.IX Item ""AD/access denied" +A valid certificate was received, but when access control was +applied, the sender decided not to proceed with negotiation. +This message is always fatal. +.if n .Ip """""\s-1DE\s0""""/""""decode error""""" 4 +.el .Ip "``\s-1DE\s0''/``decode error''" 4 +.IX Item ""DE/decode error" +A message could not be decoded because some field was out of the +specified range or the length of the message was incorrect. This +message is always fatal. +.if n .Ip """""\s-1CY\s0""""/""""decrypt error""""" 4 +.el .Ip "``\s-1CY\s0''/``decrypt error''" 4 +.IX Item ""CY/decrypt error" +A handshake cryptographic operation failed, including being +unable to correctly verify a signature, decrypt a key exchange, +or validate a finished message. +.if n .Ip """""\s-1ER\s0""""/""""export restriction""""" 4 +.el .Ip "``\s-1ER\s0''/``export restriction''" 4 +.IX Item ""ER/export restriction" +A negotiation not in compliance with export restrictions was +detected; for example, attempting to transfer a 1024 bit +ephemeral \s-1RSA\s0 key for the \s-1RSA_EXPORT\s0 handshake method. This +message is always fatal. +.if n .Ip """""\s-1PV\s0""""/""""protocol version""""" 4 +.el .Ip "``\s-1PV\s0''/``protocol version''" 4 +.IX Item ""PV/protocol version" +The protocol version the client has attempted to negotiate is +recognized, but not supported. (For example, old protocol +versions might be avoided for security reasons). This message is +always fatal. +.if n .Ip """""\s-1IS\s0""""/""""insufficient security""""" 4 +.el .Ip "``\s-1IS\s0''/``insufficient security''" 4 +.IX Item ""IS/insufficient security" +Returned instead of handshake_failure when a negotiation has +failed specifically because the server requires ciphers more +secure than those supported by the client. This message is always +fatal. +.if n .Ip """""\s-1IE\s0""""/""""internal error""""" 4 +.el .Ip "``\s-1IE\s0''/``internal error''" 4 +.IX Item ""IE/internal error" +An internal error unrelated to the peer or the correctness of the +protocol makes it impossible to continue (such as a memory +allocation failure). This message is always fatal. +.if n .Ip """""\s-1US\s0""""/""""user canceled""""" 4 +.el .Ip "``\s-1US\s0''/``user canceled''" 4 +.IX Item ""US/user canceled" +This handshake is being canceled for some reason unrelated to a +protocol failure. If the user cancels an operation after the +handshake is complete, just closing the connection by sending a +close_notify is more appropriate. This alert should be followed +by a close_notify. This message is generally a warning. +.if n .Ip """""\s-1NR\s0""""/""""no renegotiation""""" 4 +.el .Ip "``\s-1NR\s0''/``no renegotiation''" 4 +.IX Item ""NR/no renegotiation" +Sent by the client in response to a hello request or by the +server in response to a client hello after initial handshaking. +Either of these would normally lead to renegotiation; when that +is not appropriate, the recipient should respond with this alert; +at that point, the original requester can decide whether to +proceed with the connection. One case where this would be +appropriate would be where a server has spawned a process to +satisfy a request; the process might receive security parameters +(key length, authentication, etc.) at startup and it might be +difficult to communicate changes to these parameters after that +point. This message is always a warning. +.if n .Ip """""\s-1UK\s0""""/""""unknown""""" 4 +.el .Ip "``\s-1UK\s0''/``unknown''" 4 +.IX Item ""UK/unknown" +This indicates that no description is available for this alert type. +Probably \fBvalue\fR does not contain a correct alert message. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_info_callback(3) diff --git a/secure/lib/libcrypto/man/SSL_clear.3 b/secure/lib/libcrypto/man/SSL_clear.3 new file mode 100644 index 0000000..9be5ac5 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_clear.3 @@ -0,0 +1,178 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:50 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CLEAR 1" +.TH SSL_CLEAR 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_clear \- reset \s-1SSL\s0 object to allow another connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_clear(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Reset \fBssl\fR to allow another connection. All settings (method, ciphers, +BIOs) are kept. +.SH "NOTES" +.IX Header "NOTES" +SSL_clear is used to prepare an \s-1SSL\s0 object for a new connection. While all +settings are kept, a side effect is the handling of the current \s-1SSL\s0 session. +If a session is still \fBopen\fR, it is considered bad and will be removed +from the session cache, as required by \s-1RFC2246\s0. A session is considered open, +if SSL_shutdown(3) was not called for the connection +or at least SSL_set_shutdown(3) was used to +set the \s-1SSL_SENT_SHUTDOWN\s0 state. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "0" 4 +The \fISSL_clear()\fR operation could not be performed. Check the error stack to +find out the reason. +.Ip "1" 4 +.IX Item "1" +The \fISSL_clear()\fR operation was successful. +.PP +SSL_new(3), SSL_free(3), +SSL_shutdown(3), SSL_set_shutdown(3), +SSL_CTX_set_options(3), ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_connect.3 b/secure/lib/libcrypto/man/SSL_connect.3 new file mode 100644 index 0000000..8034bf3 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_connect.3 @@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:53 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_CONNECT 1" +.TH SSL_CONNECT 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_connect(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_connect()\fR initiates the \s-1TLS/SSL\s0 handshake with a server. The communication +channel must already have been set and assigned to the \fBssl\fR by setting an +underlying \fB\s-1BIO\s0\fR. +.SH "NOTES" +.IX Header "NOTES" +The behaviour of \fISSL_connect()\fR depends on the underlying \s-1BIO\s0. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_connect()\fR will only return once the +handshake has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_connect()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_connect()\fR +to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_connect()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_connect()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "1" 4 +.IX Item "1" +The \s-1TLS/SSL\s0 handshake was successfully completed, a \s-1TLS/SSL\s0 connection has been +established. +.Ip "0" 4 +The \s-1TLS/SSL\s0 handshake was not successful but was shut down controlled and +by the specifications of the \s-1TLS/SSL\s0 protocol. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.Ip "<0" 4 +.IX Item "<0" +The \s-1TLS/SSL\s0 handshake was not successful, because a fatal error occurred either +at the protocol level or a connection failure occurred. The shutdown was +not clean. It can also occur of action is need to continue the operation +for non-blocking BIOs. Call \fISSL_get_error()\fR with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_error(3), SSL_accept(3), +SSL_shutdown(3), ssl(3), bio(3), +SSL_set_connect_state(3), +SSL_CTX_new(3) diff --git a/secure/lib/libcrypto/man/SSL_free.3 b/secure/lib/libcrypto/man/SSL_free.3 new file mode 100644 index 0000000..e378af9 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_free.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:55 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_FREE 1" +.TH SSL_FREE 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_free \- free an allocated \s-1SSL\s0 structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_free(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_free()\fR decrements the reference count of \fBssl\fR, and removes the \s-1SSL\s0 +structure pointed to by \fBssl\fR and frees up the allocated memory if the +the reference count has reached 0. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_free()\fR also calls the \fIfree()\fRing procedures for indirectly affected items, if +applicable: the buffering \s-1BIO\s0, the read and write BIOs, +cipher lists specially created for this \fBssl\fR, the \fB\s-1SSL_SESSION\s0\fR. +Do not explicitly free these indirectly freed up items before or after +calling \fISSL_free()\fR, as trying to free things twice may lead to program +failure. +.PP +The ssl session has reference counts from two users: the \s-1SSL\s0 object, for +which the reference count is removed by \fISSL_free()\fR and the internal +session cache. If the session is considered bad, because +SSL_shutdown(3) was not called for the connection +and SSL_set_shutdown(3) was not used to set the +\&\s-1SSL_SENT_SHUTDOWN\s0 state, the session will also be removed +from the session cache as required by \s-1RFC2246\s0. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_free()\fR does not provide diagnostic information. +.PP +SSL_new(3), SSL_clear(3), +SSL_shutdown(3), SSL_set_shutdown(3), +ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 b/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 new file mode 100644 index 0000000..fe5682c --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 @@ -0,0 +1,162 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:31 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_SSL_CTX 1" +.TH SSL_GET_SSL_CTX 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& SSL_CTX *SSL_get_SSL_CTX(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_SSL_CTX()\fR returns a pointer to the \s-1SSL_CTX\s0 object, from which +\&\fBssl\fR was created with SSL_new(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The pointer to the \s-1SSL_CTX\s0 object is returned. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3) diff --git a/secure/lib/libcrypto/man/SSL_get_ciphers.3 b/secure/lib/libcrypto/man/SSL_get_ciphers.3 new file mode 100644 index 0000000..3d43d88 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_ciphers.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:57 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_CIPHERS 1" +.TH SSL_GET_CIPHERS 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *ssl); +\& const char *SSL_get_cipher_list(SSL *ssl, int priority); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_ciphers()\fR returns the stack of available SSL_CIPHERs for \fBssl\fR, +sorted by preference. If \fBssl\fR is \s-1NULL\s0 or no ciphers are available, \s-1NULL\s0 +is returned. +.PP +\&\fISSL_get_cipher_list()\fR returns a pointer to the name of the \s-1SSL_CIPHER\s0 +listed for \fBssl\fR with \fBpriority\fR. If \fBssl\fR is \s-1NULL\s0, no ciphers are +available, or there are less ciphers than \fBpriority\fR available, \s-1NULL\s0 +is returned. +.SH "NOTES" +.IX Header "NOTES" +The details of the ciphers obtained by \fISSL_get_ciphers()\fR can be obtained using +the SSL_CIPHER_get_name(3) family of functions. +.PP +Call \fISSL_get_cipher_list()\fR with \fBpriority\fR starting from 0 to obtain the +sorted list of available ciphers, until \s-1NULL\s0 is returned. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See \s-1DESCRIPTION\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_cipher_list(3), +SSL_CIPHER_get_name(3) diff --git a/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 b/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 new file mode 100644 index 0000000..bceeae8 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_client_CA_list.3 @@ -0,0 +1,182 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:20:59 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_CLIENT_CA_LIST 1" +.TH SSL_GET_CLIENT_CA_LIST 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); +\& STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for +\&\fBctx\fR using SSL_CTX_set_client_CA_list(3). +.PP +\&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly +set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with +SSL_CTX_set_client_CA_list(3), when in +server mode. In client mode, SSL_get_client_CA_list returns the list of +client CAs sent from the server, if any. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_CTX_set_client_CA_list()\fR and \fISSL_set_client_CA_list()\fR do not return +diagnostic information. +.PP +\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return +values: +.Ip "STACK_OF(X509_NAMES)" 4 +.IX Item "STACK_OF(X509_NAMES)" +List of \s-1CA\s0 names explicitly set (for \fBctx\fR or in server mode) or send +by the server (client mode). +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +No client \s-1CA\s0 list was explicitly set (for \fBctx\fR or in server mode) or +the server did not send a list of CAs (client mode). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_client_CA_list(3) diff --git a/secure/lib/libcrypto/man/SSL_get_current_cipher.3 b/secure/lib/libcrypto/man/SSL_get_current_cipher.3 new file mode 100644 index 0000000..9d78eba --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_current_cipher.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:02 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_CURRENT_CIPHER 1" +.TH SSL_GET_CURRENT_CIPHER 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name, +SSL_get_cipher_bits, SSL_get_cipher_version \- get \s-1SSL_CIPHER\s0 of a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 9 +\& SSL_CIPHER *SSL_get_current_cipher(SSL *ssl); +\& #define SSL_get_cipher(s) \e +\& SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +\& #define SSL_get_cipher_name(s) \e +\& SSL_CIPHER_get_name(SSL_get_current_cipher(s)) +\& #define SSL_get_cipher_bits(s,np) \e +\& SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +\& #define SSL_get_cipher_version(s) \e +\& SSL_CIPHER_get_version(SSL_get_current_cipher(s)) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_current_cipher()\fR returns a pointer to an \s-1SSL_CIPHER\s0 object containing +the description of the actually used cipher of a connection established with +the \fBssl\fR object. +.PP +\&\fISSL_get_cipher()\fR and \fISSL_get_cipher_name()\fR are identical macros to obtain the +name of the currently used cipher. \fISSL_get_cipher_bits()\fR is a +macro to obtain the number of secret/algorithm bits used and +\&\fISSL_get_cipher_version()\fR returns the protocol name. +See SSL_CIPHER_get_name(3) for more details. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_get_current_cipher()\fR returns the cipher actually used or \s-1NULL\s0, when +no session has been established. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CIPHER_get_name(3) diff --git a/secure/lib/libcrypto/man/SSL_get_default_timeout.3 b/secure/lib/libcrypto/man/SSL_get_default_timeout.3 new file mode 100644 index 0000000..e503ba2 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_default_timeout.3 @@ -0,0 +1,176 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:29 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_DEFAULT_TIMEOUT 1" +.TH SSL_GET_DEFAULT_TIMEOUT 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_default_timeout \- get default session timeout value +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& long SSL_get_default_timeout(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_default_timeout()\fR returns the default timeout value assigned to +\&\s-1SSL_SESSION\s0 objects negotiated for the protocol valid for \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +Whenever a new session is negotiated, it is assigned a timeout value, +after which it will not be accepted for session reuse. If the timeout +value was not explicitly set using +SSL_CTX_set_timeout(3), the hardcoded default +timeout for the protocol will be used. +.PP +\&\fISSL_get_default_timeout()\fR return this hardcoded value, which is 300 seconds +for all currently supported protocols (SSLv2, SSLv3, and TLSv1). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +See description. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_session_cache_mode(3), +SSL_SESSION_get_time(3), +SSL_CTX_flush_sessions(3), +SSL_get_default_timeout(3) diff --git a/secure/lib/libcrypto/man/SSL_get_error.3 b/secure/lib/libcrypto/man/SSL_get_error.3 new file mode 100644 index 0000000..a78e2f7 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_error.3 @@ -0,0 +1,238 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:04 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_ERROR 1" +.TH SSL_GET_ERROR 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_get_error(SSL *ssl, int ret); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_error()\fR returns a result code (suitable for the C \*(L"switch\*(R" +statement) for a preceding call to \fISSL_connect()\fR, \fISSL_accept()\fR, +\&\fISSL_read()\fR, \fISSL_peek()\fR, or \fISSL_write()\fR on \fBssl\fR. The value returned by +that \s-1TLS/SSL\s0 I/O function must be passed to \fISSL_get_error()\fR in parameter +\&\fBret\fR. +.PP +In addition to \fBssl\fR and \fBret\fR, \fISSL_get_error()\fR inspects the +current thread's OpenSSL error queue. Thus, \fISSL_get_error()\fR must be +used in the same thread that performed the \s-1TLS/SSL\s0 I/O operation, and no +other OpenSSL function calls should appear in between. The current +thread's error queue must be empty before the \s-1TLS/SSL\s0 I/O operation is +attempted, or \fISSL_get_error()\fR will not work reliably. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.Ip "\s-1SSL_ERROR_NONE\s0" 4 +.IX Item "SSL_ERROR_NONE" +The \s-1TLS/SSL\s0 I/O operation completed. This result code is returned +if and only if \fBret > 0\fR. +.Ip "\s-1SSL_ERROR_ZERO_RETURN\s0" 4 +.IX Item "SSL_ERROR_ZERO_RETURN" +The \s-1TLS/SSL\s0 connection has been closed. If the protocol version is \s-1SSL\s0 3.0 +or \s-1TLS\s0 1.0, this result code is returned only if a closure +alert has occurred in the protocol, i.e. if the connection has been +closed cleanly. Note that in this case \fB\s-1SSL_ERROR_ZERO_RETURN\s0\fR +does not necessarily indicate that the underlying transport +has been closed. +.Ip "\s-1SSL_ERROR_WANT_READ\s0, \s-1SSL_ERROR_WANT_WRITE\s0" 4 +.IX Item "SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE" +The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be +called again later. If, by then, the underlying \fB\s-1BIO\s0\fR has data +available for reading (if the result code is \fB\s-1SSL_ERROR_WANT_READ\s0\fR) +or allows writing data (\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR), then some \s-1TLS/SSL\s0 +protocol progress will take place, i.e. at least part of an \s-1TLS/SSL\s0 +record will be read or written. Note that the retry may again lead to +a \fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR condition. +There is no fixed upper limit for the number of iterations that +may be necessary until progress becomes visible at application +protocol level. +.Sp +For socket \fB\s-1BIO\s0\fRs (e.g. when \fISSL_set_fd()\fR was used), \fIselect()\fR or +\&\fIpoll()\fR on the underlying socket can be used to find out when the +\&\s-1TLS/SSL\s0 I/O function should be retried. +.Sp +Caveat: Any \s-1TLS/SSL\s0 I/O function can lead to either of +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR and \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. In particular, +\&\fISSL_read()\fR or \fISSL_peek()\fR may want to write data and \fISSL_write()\fR may want +to read data. This is mainly because \s-1TLS/SSL\s0 handshakes may occur at any +time during the protocol (initiated by either the client or the server); +\&\fISSL_read()\fR, \fISSL_peek()\fR, and \fISSL_write()\fR will handle any pending handshakes. +.Ip "\s-1SSL_ERROR_WANT_CONNECT\s0, \s-1SSL_ERROR_WANT_ACCEPT\s0" 4 +.IX Item "SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT" +The operation did not complete; the same \s-1TLS/SSL\s0 I/O function should be +called again later. The underlying \s-1BIO\s0 was not connected yet to the peer +and the call would block in \fIconnect()\fR/\fIaccept()\fR. The \s-1SSL\s0 function should be +called again when the connection is established. These messages can only +appear with a \fIBIO_s_connect()\fR or \fIBIO_s_accept()\fR \s-1BIO\s0, respectively. +In order to find out, when the connection has been successfully established, +on many platforms \fIselect()\fR or \fIpoll()\fR for writing on the socket file descriptor +can be used. +.Ip "\s-1SSL_ERROR_WANT_X509_LOOKUP\s0" 4 +.IX Item "SSL_ERROR_WANT_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. +The \s-1TLS/SSL\s0 I/O function should be called again later. +Details depend on the application. +.Ip "\s-1SSL_ERROR_SYSCALL\s0" 4 +.IX Item "SSL_ERROR_SYSCALL" +Some I/O error occurred. The OpenSSL error queue may contain more +information on the error. If the error queue is empty +(i.e. \fIERR_get_error()\fR returns 0), \fBret\fR can be used to find out more +about the error: If \fBret == 0\fR, an \s-1EOF\s0 was observed that violates +the protocol. If \fBret == \-1\fR, the underlying \fB\s-1BIO\s0\fR reported an +I/O error (for socket I/O on Unix systems, consult \fBerrno\fR for details). +.Ip "\s-1SSL_ERROR_SSL\s0" 4 +.IX Item "SSL_ERROR_SSL" +A failure in the \s-1SSL\s0 library occurred, usually a protocol error. The +OpenSSL error queue contains more information on the error. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), err(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISSL_get_error()\fR was added in SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 new file mode 100644 index 0000000..733eedf --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:06 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_EX_DATA_X509_STORE_CTX_IDX 1" +.TH SSL_GET_EX_DATA_X509_STORE_CTX_IDX 1 "perl v5.6.1" "2001-02-18" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure +from X509_STORE_CTX +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_get_ex_data_X509_STORE_CTX_idx(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR returns the index number under which +the pointer to the \s-1SSL\s0 object is stored into the X509_STORE_CTX object. +.SH "NOTES" +.IX Header "NOTES" +Whenever a X509_STORE_CTX object is created for the verification of the +peers certificate during a handshake, a pointer to the \s-1SSL\s0 object is +stored into the X509_STORE_CTX object to identify the connection affected. +To retrieve this pointer the \fIX509_STORE_CTX_get_ex_data()\fR function can +be used with the correct index. This index is globally the same for all +X509_STORE_CTX objects and can be retrieved using +\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR. The index value is set when +\&\fISSL_get_ex_data_X509_STORE_CTX_idx()\fR is first called either by the application +program directly or indirectly during other \s-1SSL\s0 setup functions or during +the handshake. +.PP +The value depends on other index values defined for X509_STORE_CTX objects +before the \s-1SSL\s0 index is created. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +.Ip ">=0" 4 +.IX Item ">=0" +The index value to access the pointer. +.Ip "<0" 4 +.IX Item "<0" +An error occurred, check the error stack for a detailed error message. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +The index returned from \fISSL_get_ex_data_X509_STORE_CTX_idx()\fR allows to +access the \s-1SSL\s0 object for the connection to be accessed during the +\&\fIverify_callback()\fR when checking the peers certificate. Please check +the example in SSL_CTX_set_verify(3), +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_verify(3), +CRYPTO_set_ex_data(3) diff --git a/secure/lib/libcrypto/man/SSL_get_ex_new_index.3 b/secure/lib/libcrypto/man/SSL_get_ex_new_index.3 new file mode 100644 index 0000000..ab48276 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_ex_new_index.3 @@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:08 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_EX_NEW_INDEX 1" +.TH SSL_GET_EX_NEW_INDEX 1 "perl v5.6.1" "2001-07-19" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 4 +\& int SSL_get_ex_new_index(long argl, void *argp, +\& CRYPTO_EX_new *new_func, +\& CRYPTO_EX_dup *dup_func, +\& CRYPTO_EX_free *free_func); +.Ve +.Vb 1 +\& int SSL_set_ex_data(SSL *ssl, int idx, void *arg); +.Ve +.Vb 1 +\& void *SSL_get_ex_data(SSL *ssl, int idx); +.Ve +.Vb 6 +\& typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, +\& int idx, long argl, void *argp); +\& typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, +\& int idx, long argl, void *argp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several OpenSSL structures can have application specific data attached to them. +These functions are used internally by OpenSSL to manipulate application +specific data attached to a specific structure. +.PP +\&\fISSL_get_ex_new_index()\fR is used to register a new index for application +specific data. +.PP +\&\fISSL_set_ex_data()\fR is used to store application data at \fBarg\fR for \fBidx\fR into +the \fBssl\fR object. +.PP +\&\fISSL_get_ex_data()\fR is used to retrieve the information for \fBidx\fR from +\&\fBssl\fR. +.PP +A detailed description for the \fB*\f(BI_get_ex_new_index()\fB\fR functionality +can be found in RSA_get_ex_new_index(3). +The \fB*\f(BI_get_ex_data()\fB\fR and \fB*\f(BI_set_ex_data()\fB\fR functionality is described in +CRYPTO_set_ex_data(3). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +An example on how to use the functionality is included in the example +\&\fIverify_callback()\fR in SSL_CTX_set_verify(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +RSA_get_ex_new_index(3), +CRYPTO_set_ex_data(3), +SSL_CTX_set_verify(3) diff --git a/secure/lib/libcrypto/man/SSL_get_fd.3 b/secure/lib/libcrypto/man/SSL_get_fd.3 new file mode 100644 index 0000000..fa45d05 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_fd.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:10 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_FD 1" +.TH SSL_GET_FD 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& int SSL_get_fd(SSL *ssl); +\& int SSL_get_rfd(SSL *ssl); +\& int SSL_get_wfd(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_fd()\fR returns the file descriptor which is linked to \fBssl\fR. +\&\fISSL_get_rfd()\fR and \fISSL_get_wfd()\fR return the file descriptors for the +read or the write channel, which can be different. If the read and the +write channel are different, \fISSL_get_fd()\fR will return the file descriptor +of the read channel. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\-1" 4 +.IX Item "-1" +The operation failed, because the underlying \s-1BIO\s0 is not of the correct type +(suitable for file descriptors). +.Ip ">=0" 4 +.IX Item ">=0" +The file descriptor linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_set_fd(3), ssl(3) , bio(3) diff --git a/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 b/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 new file mode 100644 index 0000000..3ca17d9 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 @@ -0,0 +1,181 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:13 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_PEER_CERT_CHAIN 1" +.TH SSL_GET_PEER_CERT_CHAIN 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& STACKOF(X509) *SSL_get_peer_cert_chain(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_peer_cert_chain()\fR returns a pointer to STACKOF(X509) certificates +forming the certificate chain of the peer. If called on the client side, +the stack also contains the peer's certificate; if called on the server +side, the peer's certificate must be obtained separately using +SSL_get_peer_certificate(3). +If the peer did not present a certificate, \s-1NULL\s0 is returned. +.SH "NOTES" +.IX Header "NOTES" +The peer certificate chain is not necessarily available after reusing +a session, in which case a \s-1NULL\s0 pointer is returned. +.PP +The reference count of the STACKOF(X509) object is not incremented. +If the corresponding session is freed, the pointer must not be used +any longer. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established +or the certificate chain is no longer available when a session is reused. +.Ip "Pointer to a STACKOF(X509)" 4 +.IX Item "Pointer to a STACKOF(X509)" +The return value points to the certificate chain presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_peer_certificate(3) diff --git a/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 b/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 new file mode 100644 index 0000000..80cc7ca --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_peer_certificate.3 @@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:15 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_PEER_CERTIFICATE 1" +.TH SSL_GET_PEER_CERTIFICATE 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_peer_certificate \- get the X509 certificate of the peer +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& X509 *SSL_get_peer_certificate(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_peer_certificate()\fR returns a pointer to the X509 certificate the +peer presented. If the peer did not present a certificate, \s-1NULL\s0 is returned. +.SH "NOTES" +.IX Header "NOTES" +Due to the protocol definition, a \s-1TLS/SSL\s0 server will always send a +certificate, if present. A client will only send a certificate when +explicitly requested to do so by the server (see +SSL_CTX_set_verify(3)). If an anonymous cipher +is used, no certificates are sent. +.PP +That a certificate is returned does not indicate information about the +verification state, use SSL_get_verify_result(3) +to check the verification state. +.PP +The reference count of the X509 object is incremented by one, so that it +will not be destroyed when the session containing the peer certificate is +freed. The X509 object must be explicitly freed using \fIX509_free()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +No certificate was presented by the peer or no connection was established. +.Ip "Pointer to an X509 certificate" 4 +.IX Item "Pointer to an X509 certificate" +The return value points to the certificate presented by the peer. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_verify_result(3), +SSL_CTX_set_verify(3) diff --git a/secure/lib/libcrypto/man/SSL_get_rbio.3 b/secure/lib/libcrypto/man/SSL_get_rbio.3 new file mode 100644 index 0000000..1dcaa0f --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_rbio.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:17 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_RBIO 1" +.TH SSL_GET_RBIO 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& BIO *SSL_get_rbio(SSL *ssl); +\& BIO *SSL_get_wbio(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_rbio()\fR and \fISSL_get_wbio()\fR return pointers to the BIOs for the +read or the write channel, which can be different. The reference count +of the \s-1BIO\s0 is not incremented. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +No \s-1BIO\s0 was connected to the \s-1SSL\s0 object +.Ip "Any other pointer" 4 +.IX Item "Any other pointer" +The \s-1BIO\s0 linked to \fBssl\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_set_bio(3), ssl(3) , bio(3) diff --git a/secure/lib/libcrypto/man/SSL_get_session.3 b/secure/lib/libcrypto/man/SSL_get_session.3 new file mode 100644 index 0000000..109a7fc --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_session.3 @@ -0,0 +1,202 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:19 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_SESSION 1" +.TH SSL_GET_SESSION 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& SSL_SESSION *SSL_get_session(SSL *ssl); +\& SSL_SESSION *SSL_get0_session(SSL *ssl); +\& SSL_SESSION *SSL_get1_session(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_session()\fR returns a pointer to the \fB\s-1SSL_SESSION\s0\fR actually used in +\&\fBssl\fR. The reference count of the \fB\s-1SSL_SESSION\s0\fR is not incremented, so +that the pointer can become invalid by other operations. +.PP +\&\fISSL_get0_session()\fR is the same as \fISSL_get_session()\fR. +.PP +\&\fISSL_get1_session()\fR is the same as \fISSL_get_session()\fR, but the reference +count of the \fB\s-1SSL_SESSION\s0\fR is incremented by one. +.SH "NOTES" +.IX Header "NOTES" +The ssl session contains all information required to re-establish the +connection without a new handshake. +.PP +\&\fISSL_get0_session()\fR returns a pointer to the actual session. As the +reference counter is not incremented, the pointer is only valid while +the connection is in use. If SSL_clear(3) or +SSL_free(3) is called, the session may be removed completely +(if considered bad), and the pointer obtained will become invalid. Even +if the session is valid, it can be removed at any time due to timeout +during SSL_CTX_flush_sessions(3). +.PP +If the data is to be kept, \fISSL_get1_session()\fR will increment the reference +count, so that the session will not be implicitly removed by other operations +but stays in memory. In order to remove the session +SSL_SESSION_free(3) must be explicitly called once +to decrement the reference count again. +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +There is no session available in \fBssl\fR. +.Ip "Pointer to an \s-1SSL\s0" 4 +.IX Item "Pointer to an SSL" +The return value points to the data of an \s-1SSL\s0 session. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_free(3), +SSL_clear(3), +SSL_SESSION_free(3) diff --git a/secure/lib/libcrypto/man/SSL_get_verify_result.3 b/secure/lib/libcrypto/man/SSL_get_verify_result.3 new file mode 100644 index 0000000..053f3d8 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_verify_result.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:21 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_VERIFY_RESULT 1" +.TH SSL_GET_VERIFY_RESULT 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_verify_result \- get result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& long SSL_get_verify_result(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_verify_result()\fR returns the result of the verification of the +X509 certificate presented by the peer, if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_get_verify_result()\fR can only return one error code while the verification +of a certificate can fail because of many reasons at the same time. Only +the last verification error that occurred during the processing is available +from \fISSL_get_verify_result()\fR. +.PP +The verification result is part of the established session and is restored +when a session is reused. +.SH "BUGS" +.IX Header "BUGS" +If no peer certificate was presented, the returned result code is +X509_V_OK. This is because no verification error occurred, it does however +not indicate success. \fISSL_get_verify_result()\fR is only useful in connection +with SSL_get_peer_certificate(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur: +.Ip "X509_V_OK" 4 +.IX Item "X509_V_OK" +The verification succeeded or no peer certificate was presented. +.Ip "Any other value" 4 +.IX Item "Any other value" +Documented in verify(1). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_set_verify_result(3), +SSL_get_peer_certificate(3), +verify(1) diff --git a/secure/lib/libcrypto/man/SSL_get_version.3 b/secure/lib/libcrypto/man/SSL_get_version.3 new file mode 100644 index 0000000..074b2dd --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_get_version.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:01 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_GET_VERSION 1" +.TH SSL_GET_VERSION 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_get_version \- get the protocol version of a connection. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& const char *SSL_get_version(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_get_cipher_version()\fR returns the name of the protocol used for the +connection \fBssl\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following strings can occur: +.Ip "SSLv2" 4 +.IX Item "SSLv2" +The connection uses the SSLv2 protocol. +.Ip "SSLv3" 4 +.IX Item "SSLv3" +The connection uses the SSLv3 protocol. +.Ip "TLSv1" 4 +.IX Item "TLSv1" +The connection uses the TLSv1 protocol. +.Ip "unknown" 4 +.IX Item "unknown" +This indicates that no version has been set (no connection established). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_library_init.3 b/secure/lib/libcrypto/man/SSL_library_init.3 new file mode 100644 index 0000000..8f1393d --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_library_init.3 @@ -0,0 +1,187 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:24 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_LIBRARY_INIT 1" +.TH SSL_LIBRARY_INIT 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms +\&\- initialize \s-1SSL\s0 library by registering algorithms +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& int SSL_library_init(void); +\& #define OpenSSL_add_ssl_algorithms() SSL_library_init() +\& #define SSLeay_add_ssl_algorithms() SSL_library_init() +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_library_init()\fR registers the available ciphers and digests. +.PP +\&\fIOpenSSL_add_ssl_algorithms()\fR and \fISSLeay_add_ssl_algorithms()\fR are synonyms +for \fISSL_library_init()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_library_init()\fR must be called before any other action takes place. +.SH "WARNING" +.IX Header "WARNING" +\&\fISSL_library_init()\fR only registers ciphers. Another important initialization +is the seeding of the \s-1PRNG\s0 (Pseudo Random Number Generator), which has to +be performed separately. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +A typical \s-1TLS/SSL\s0 application will start with the library initialization, +will provide readable error messages and will seed the \s-1PRNG\s0. +.PP +.Vb 3 +\& SSL_load_error_strings(); /* readable error messages */ +\& SSL_library_init(); /* initialize library */ +\& actions_to_seed_PRNG(); +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_library_init()\fR always returns \*(L"1\*(R", so it is safe to discard the return +value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_load_error_strings(3), +RAND_add(3) diff --git a/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 b/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 new file mode 100644 index 0000000..b032fd9 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_load_client_CA_file.3 @@ -0,0 +1,193 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:26 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_LOAD_CLIENT_CA_FILE 1" +.TH SSL_LOAD_CLIENT_CA_FILE 1 "perl v5.6.1" "2001-02-18" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_load_client_CA_file \- load certificate names from file +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_load_client_CA_file()\fR reads certificates from \fBfile\fR and returns +a STACK_OF(X509_NAME) with the subject names found. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_load_client_CA_file()\fR reads a file of \s-1PEM\s0 formatted certificates and +extracts the X509_NAMES of the certificates found. While the name suggests +the specific usage as support function for +SSL_CTX_set_client_CA_list(3), +it is not limited to \s-1CA\s0 certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Load names of CAs from file and use it as a client \s-1CA\s0 list: +.PP +.Vb 2 +\& SSL_CTX *ctx; +\& STACK_OF(X509_NAME) *cert_names; +.Ve +.Vb 7 +\& ... +\& cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); +\& if (cert_names != NULL) +\& SSL_CTX_set_client_CA_list(ctx, cert_names); +\& else +\& error_handling(); +\& ... +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +The operation failed, check out the error stack for the reason. +.Ip "Pointer to STACK_OF(X509_NAME)" 4 +.IX Item "Pointer to STACK_OF(X509_NAME)" +Pointer to the subject names of the successfully read certificates. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), +SSL_CTX_set_client_CA_list(3) diff --git a/secure/lib/libcrypto/man/SSL_new.3 b/secure/lib/libcrypto/man/SSL_new.3 new file mode 100644 index 0000000..a609a9d --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_new.3 @@ -0,0 +1,174 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:28 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_NEW 1" +.TH SSL_NEW 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_new \- create a new \s-1SSL\s0 structure for a connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& SSL *SSL_new(SSL_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_new()\fR creates a new \fB\s-1SSL\s0\fR structure which is needed to hold the +data for a \s-1TLS/SSL\s0 connection. The new structure inherits the settings +of the underlying context \fBctx\fR: connection method (SSLv2/v3/TLSv1), +options, verification settings, timeout settings. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "\s-1NULL\s0" 4 +.IX Item "NULL" +The creation of a new \s-1SSL\s0 structure failed. Check the error stack to +find out the reason. +.Ip "Pointer to an \s-1SSL\s0 structure" 4 +.IX Item "Pointer to an SSL structure" +The return value points to an allocated \s-1SSL\s0 structure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_free(3), SSL_clear(3), +SSL_CTX_set_options(3), +SSL_get_SSL_CTX(3), +ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_pending.3 b/secure/lib/libcrypto/man/SSL_pending.3 new file mode 100644 index 0000000..f3f5ff3 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_pending.3 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:30 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_PENDING 1" +.TH SSL_PENDING 1 "perl v5.6.1" "2001-02-18" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_pending(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_pending()\fR returns the number of bytes which are available inside +\&\fBssl\fR for immediate read. +.SH "NOTES" +.IX Header "NOTES" +Data are received in blocks from the peer. Therefore data can be buffered +inside \fBssl\fR and are ready for immediate retrieval with +SSL_read(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The number of bytes pending is returned. +.SH "BUGS" +.IX Header "BUGS" +\&\fISSL_pending()\fR takes into account only bytes from the \s-1TLS/SSL\s0 record +that is currently being processed (if any). If the \fB\s-1SSL\s0\fR object's +\&\fIread_ahead\fR flag is set, additional protocol bytes may have been +read containing more \s-1TLS/SSL\s0 records; these are ignored by +\&\fISSL_pending()\fR. +.PP +Up to OpenSSL 0.9.6, \fISSL_pending()\fR does not check if the record type +of pending data is application data. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_read(3), ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_read.3 b/secure/lib/libcrypto/man/SSL_read.3 new file mode 100644 index 0000000..b3d6489 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_read.3 @@ -0,0 +1,244 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:32 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_READ 1" +.TH SSL_READ 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_read(SSL *ssl, void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_read()\fR tries to read \fBnum\fR bytes from the specified \fBssl\fR into the +buffer \fBbuf\fR. +.SH "NOTES" +.IX Header "NOTES" +If necessary, \fISSL_read()\fR will negotiate a \s-1TLS/SSL\s0 session, if +not already explicitly performed by SSL_connect(3) or +SSL_accept(3). If the +peer requests a re-negotiation, it will be performed transparently during +the \fISSL_read()\fR operation. The behaviour of \fISSL_read()\fR depends on the +underlying \s-1BIO\s0. +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +SSL_set_connect_state(3) or \fISSL_set_accept_state()\fR +before the first call to an \fISSL_read()\fR or SSL_write(3) +function. +.PP +\&\fISSL_read()\fR works based on the \s-1SSL/TLS\s0 records. The data are received in +records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a +record has been completely received, it can be processed (decryption and +check of integrity). Therefore data that was not retrieved at the last +call of \fISSL_read()\fR can still be buffered inside the \s-1SSL\s0 layer and will be +retrieved on the next call to \fISSL_read()\fR. If \fBnum\fR is higher than the +number of bytes buffered, \fISSL_read()\fR will return with the bytes buffered. +If no more bytes are in the buffer, \fISSL_read()\fR will trigger the processing +of the next record. Only when the record has been received and processed +completely, \fISSL_read()\fR will return reporting success. At most the contents +of the record will be returned. As the size of an \s-1SSL/TLS\s0 record may exceed +the maximum packet size of the underlying transport (e.g. \s-1TCP\s0), it may +be necessary to read several packets from the transport layer before the +record is complete and \fISSL_read()\fR can succeed. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_read()\fR will only return, once the +read operation has been finished or an error occurred, except when a +renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur. +This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the +SSL_CTX_set_mode(3) call. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_read()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_read()\fR +to continue the operation. In this case a call to +SSL_get_error(3) with the +return value of \fISSL_read()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a +call to \fISSL_read()\fR can also cause write operations! The calling process +then must repeat the call after taking appropriate action to satisfy the +needs of \fISSL_read()\fR. The action depends on the underlying \s-1BIO\s0. When using a +non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check +for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data +must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. +.SH "WARNING" +.IX Header "WARNING" +When an \fISSL_read()\fR operation has to be repeated because of +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated +with the same arguments. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip ">0" 4 +.IX Item ">0" +The read operation was successful; the return value is the number of +bytes actually read from the \s-1TLS/SSL\s0 connection. +.Ip "0" 4 +The read operation was not successful. The reason may either be a clean +shutdown due to a \*(L"close notify\*(R" alert sent by the peer (in which case +the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag in the ssl shutdown state is set +(see SSL_shutdown(3), +SSL_set_shutdown(3)). It is also possible, that +the peer simply shut down the underlying transport and the shutdown is +incomplete. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out, +whether an error occurred or the connection was shut down cleanly +(\s-1SSL_ERROR_ZERO_RETURN\s0). +.Sp +SSLv2 (deprecated) does not support a shutdown alert protocol, so it can +only be detected, whether the underlying connection was closed. It cannot +be checked, whether the closure was initiated by the peer or by something +else. +.Ip "<0" 4 +.IX Item "<0" +The read operation was not successful, because either an error occurred +or action must be taken by the calling process. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_error(3), SSL_write(3), +SSL_CTX_set_mode(3), SSL_CTX_new(3), +SSL_connect(3), SSL_accept(3) +SSL_set_connect_state(3), +SSL_shutdown(3), SSL_set_shutdown(3), +ssl(3), bio(3) diff --git a/secure/lib/libcrypto/man/SSL_rstate_string.3 b/secure/lib/libcrypto/man/SSL_rstate_string.3 new file mode 100644 index 0000000..a787231 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_rstate_string.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:33 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_RSTATE_STRING 1" +.TH SSL_RSTATE_STRING 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& char *SSL_rstate_string(SSL *ssl); +\& char *SSL_rstate_string_long(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_rstate_string()\fR returns a 2 letter string indicating the current read state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fISSL_rstate_string_long()\fR returns a string indicating the current read state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +When performing a read operation, the \s-1SSL/TLS\s0 engine must parse the record, +consisting of header and body. When working in a blocking environment, +SSL_rstate_string[_long]() should always return \*(L"\s-1RD\s0\*(R"/\*(L"read done\*(R". +.PP +This function should only seldom be needed in applications. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_rstate_string()\fR and \fISSL_rstate_string_long()\fR can return the following +values: +.if n .Ip """""\s-1RH\s0""""/""""read header""""" 4 +.el .Ip "``\s-1RH\s0''/``read header''" 4 +.IX Item ""RH/read header" +The header of the record is being evaluated. +.if n .Ip """""\s-1RB\s0""""/""""read body""""" 4 +.el .Ip "``\s-1RB\s0''/``read body''" 4 +.IX Item ""RB/read body" +The body of the record is being evaluated. +.if n .Ip """""\s-1RD\s0""""/""""read done""""" 4 +.el .Ip "``\s-1RD\s0''/``read done''" 4 +.IX Item ""RD/read done" +The record has been completely processed. +.if n .Ip """""unknown""""/""""unknown""""" 4 +.el .Ip "``unknown''/``unknown''" 4 +.IX Item ""unknown/unknown" +The read state is unknown. This should never happen. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3) diff --git a/secure/lib/libcrypto/man/SSL_session_reused.3 b/secure/lib/libcrypto/man/SSL_session_reused.3 new file mode 100644 index 0000000..bc67b98b --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_session_reused.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:35 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SESSION_REUSED 1" +.TH SSL_SESSION_REUSED 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_session_reused \- query whether a reused session was negotiated during handshake +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_session_reused(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Query, whether a reused session was negotiated during the handshake. +.SH "NOTES" +.IX Header "NOTES" +During the negotiation, a client can propose to reuse a session. The server +then looks up the session in its cache. If both client and server agree +on the session, it will be reused and a flag is being set that can be +queried by the application. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "0" 4 +A new session was negotiated. +.Ip "1" 4 +.IX Item "1" +A session was reused. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_set_session(3), +SSL_CTX_set_session_cache_mode(3) diff --git a/secure/lib/libcrypto/man/SSL_set_bio.3 b/secure/lib/libcrypto/man/SSL_set_bio.3 new file mode 100644 index 0000000..6d94e72 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_set_bio.3 @@ -0,0 +1,170 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:35 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SET_BIO 1" +.TH SSL_SET_BIO 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0 +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_bio()\fR connects the BIOs \fBrbio\fR and \fBwbio\fR for the read and write +operations of the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. +.PP +The \s-1SSL\s0 engine inherits the behaviour of \fBrbio\fR and \fBwbio\fR, respectively. +If a \s-1BIO\s0 is non-blocking, the \fBssl\fR will also have non-blocking behaviour. +.PP +If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called +(for both the reading and writing side, if different). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_bio()\fR cannot fail. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_rbio(3), +SSL_connect(3), SSL_accept(3), +SSL_shutdown(3), ssl(3), bio(3) diff --git a/secure/lib/libcrypto/man/SSL_set_connect_state.3 b/secure/lib/libcrypto/man/SSL_set_connect_state.3 new file mode 100644 index 0000000..2729382 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_set_connect_state.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:03 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SET_CONNECT_STATE 1" +.TH SSL_SET_CONNECT_STATE 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_set_connect_state(SSL *ssl); +.Ve +.Vb 1 +\& void SSL_set_accept_state(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_connect_state()\fR sets \fBssl\fR to work in client mode. +.PP +\&\fISSL_set_accept_state()\fR sets \fBssl\fR to work in server mode. +.SH "NOTES" +.IX Header "NOTES" +When the \s-1SSL_CTX\s0 object was created with SSL_CTX_new(3), +it was either assigned a dedicated client method, a dedicated server +method, or a generic method, that can be used for both client and +server connections. (The method might have been changed with +SSL_CTX_set_ssl_version(3) or +\&\fISSL_set_ssl_method()\fR.) +.PP +When beginning a new handshake, the \s-1SSL\s0 engine must know whether it must +call the connect (client) or accept (server) routines. Even though it may +be clear from the method chosen, whether client or server mode was +requested, the handshake routines must be explicitly set. +.PP +When using the SSL_connect(3) or +SSL_accept(3) routines, the correct handshake +routines are automatically set. When performing a transparent negotiation +using SSL_write(3) or SSL_read(3), the +handshake routines must be explicitly set in advance using either +\&\fISSL_set_connect_state()\fR or \fISSL_set_accept_state()\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_connect_state()\fR and \fISSL_set_accept_state()\fR do not return diagnostic +information. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_new(3), SSL_CTX_new(3), +SSL_connect(3), SSL_accept(3), +SSL_write(3), SSL_read(3), +SSL_CTX_set_ssl_version(3) diff --git a/secure/lib/libcrypto/man/SSL_set_fd.3 b/secure/lib/libcrypto/man/SSL_set_fd.3 new file mode 100644 index 0000000..5800ed0 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_set_fd.3 @@ -0,0 +1,183 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:37 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SET_FD 1" +.TH SSL_SET_FD 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 3 +\& int SSL_set_fd(SSL *ssl, int fd); +\& int SSL_set_rfd(SSL *ssl, int fd); +\& int SSL_set_wfd(SSL *ssl, int fd); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_fd()\fR sets the file descriptor \fBfd\fR as the input/output facility +for the \s-1TLS/SSL\s0 (encrypted) side of \fBssl\fR. \fBfd\fR will typically be the +socket file descriptor of a network connection. +.PP +When performing the operation, a \fBsocket \s-1BIO\s0\fR is automatically created to +interface between the \fBssl\fR and \fBfd\fR. The \s-1BIO\s0 and hence the \s-1SSL\s0 engine +inherit the behaviour of \fBfd\fR. If \fBfd\fR is non-blocking, the \fBssl\fR will +also have non-blocking behaviour. +.PP +If there was already a \s-1BIO\s0 connected to \fBssl\fR, \fIBIO_free()\fR will be called +(for both the reading and writing side, if different). +.PP +\&\fISSL_set_rfd()\fR and \fISSL_set_wfd()\fR perform the respective action, but only +for the read channel or the write channel, which can be set independently. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "0" 4 +The operation failed. Check the error stack to find out why. +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_fd(3), SSL_set_bio(3), +SSL_connect(3), SSL_accept(3), +SSL_shutdown(3), ssl(3) , bio(3) diff --git a/secure/lib/libcrypto/man/SSL_set_session.3 b/secure/lib/libcrypto/man/SSL_set_session.3 new file mode 100644 index 0000000..bc2bb81 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_set_session.3 @@ -0,0 +1,185 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:39 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SET_SESSION 1" +.TH SSL_SET_SESSION 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_set_session(SSL *ssl, SSL_SESSION *session); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_session()\fR sets \fBsession\fR to be used when the \s-1TLS/SSL\s0 connection +is to be established. \fISSL_set_session()\fR is only useful for \s-1TLS/SSL\s0 clients. +When the session is set, the reference count of \fBsession\fR is incremented +by 1. If the session is not reused, the reference count is decremented +again during \fISSL_connect()\fR. Whether the session was reused can be queried +with the SSL_session_reused(3) call. +.PP +If there is already a session set inside \fBssl\fR (because it was set with +\&\fISSL_set_session()\fR before or because the same \fBssl\fR was already used for +a connection), \fISSL_SESSION_free()\fR will be called for that session. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "0" 4 +The operation failed; check the error stack to find out the reason. +.Ip "1" 4 +.IX Item "1" +The operation succeeded. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_SESSION_free(3), +SSL_get_session(3), +SSL_session_reused(3), +SSL_CTX_set_session_cache_mode(3) diff --git a/secure/lib/libcrypto/man/SSL_set_shutdown.3 b/secure/lib/libcrypto/man/SSL_set_shutdown.3 new file mode 100644 index 0000000..6704276 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_set_shutdown.3 @@ -0,0 +1,200 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:05 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SET_SHUTDOWN 1" +.TH SSL_SET_SHUTDOWN 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_set_shutdown(SSL *ssl, int mode); +.Ve +.Vb 1 +\& int SSL_get_shutdown(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_shutdown()\fR sets the shutdown state of \fBssl\fR to \fBmode\fR. +.PP +\&\fISSL_get_shutdown()\fR returns the shutdown mode of \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +The shutdown state of an ssl connection is a bitmask of: +.Ip "0" 4 +No shutdown setting, yet. +.Ip "\s-1SSL_SENT_SHUTDOWN\s0" 4 +.IX Item "SSL_SENT_SHUTDOWN" +A \*(L"close notify\*(R" shutdown alert was sent to the peer, the connection is being +considered closed and the session is closed and correct. +.Ip "\s-1SSL_RECEIVED_SHUTDOWN\s0" 4 +.IX Item "SSL_RECEIVED_SHUTDOWN" +A shutdown alert was received form the peer, either a normal \*(L"close notify\*(R" +or a fatal error. +.PP +\&\s-1SSL_SENT_SHUTDOWN\s0 and \s-1SSL_RECEIVED_SHUTDOWN\s0 can be set at the same time. +.PP +The shutdown state of the connection is used to determine the state of +the ssl session. If the session is still open, when +SSL_clear(3) or SSL_free(3) is called, +it is considered bad and removed according to \s-1RFC2246\s0. +The actual condition for a correctly closed session is \s-1SSL_SENT_SHUTDOWN\s0 +(according to the \s-1TLS\s0 \s-1RFC\s0, it is acceptable to only send the \*(L"close notify\*(R" +alert but to not wait for the peer's answer, when the underlying connection +is closed). +\&\fISSL_set_shutdown()\fR can be used to set this state without sending a +close alert to the peer (see SSL_shutdown(3)). +.PP +If a \*(L"close notify\*(R" was received, \s-1SSL_RECEIVED_SHUTDOWN\s0 will be set, +for setting \s-1SSL_SENT_SHUTDOWN\s0 the application must however still call +SSL_shutdown(3) or \fISSL_set_shutdown()\fR itself. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_shutdown()\fR does not return diagnostic information. +.PP +\&\fISSL_get_shutdown()\fR returns the current setting. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_shutdown(3), +SSL_CTX_set_quiet_shutdown(3), +SSL_clear(3), SSL_free(3) diff --git a/secure/lib/libcrypto/man/SSL_set_verify_result.3 b/secure/lib/libcrypto/man/SSL_set_verify_result.3 new file mode 100644 index 0000000..233d6e1 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_set_verify_result.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:41 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SET_VERIFY_RESULT 1" +.TH SSL_SET_VERIFY_RESULT 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_set_verify_result \- override result of peer certificate verification +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& void SSL_set_verify_result(SSL *ssl, long verify_result); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_set_verify_result()\fR sets \fBverify_result\fR of the object \fBssl\fR to be the +result of the verification of the X509 certificate presented by the peer, +if any. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_set_verify_result()\fR overrides the verification result. It only changes +the verification result of the \fBssl\fR object. It does not become part of the +established session, so if the session is to be reused later, the original +value will reappear. +.PP +The valid codes for \fBverify_result\fR are documented in verify(1). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISSL_set_verify_result()\fR does not provide a return value. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_get_verify_result(3), +SSL_get_peer_certificate(3), +verify(1) diff --git a/secure/lib/libcrypto/man/SSL_shutdown.3 b/secure/lib/libcrypto/man/SSL_shutdown.3 new file mode 100644 index 0000000..5a6b8fd --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_shutdown.3 @@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:43 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_SHUTDOWN 1" +.TH SSL_SHUTDOWN 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_shutdown(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_shutdown()\fR shuts down an active \s-1TLS/SSL\s0 connection. It sends the +\&\*(L"close notify\*(R" shutdown alert to the peer. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_shutdown()\fR tries to send the \*(L"close notify\*(R" shutdown alert to the peer. +Whether the operation succeeds or not, the \s-1SSL_SENT_SHUTDOWN\s0 flag is set and +a currently open session is considered closed and good and will be kept in the +session cache for further reuse. +.PP +The shutdown procedure consists of 2 steps: the sending of the \*(L"close notify\*(R" +shutdown alert and the reception of the peer's \*(L"close notify\*(R" shutdown +alert. According to the \s-1TLS\s0 standard, it is acceptable for an application +to only send its shutdown alert and then close the underlying connection +without waiting for the peer's response (this way resources can be saved, +as the process can already terminate or serve another connection). +When the underlying connection shall be used for more communications, the +complete shutdown procedure (bidirectional \*(L"close notify\*(R" alerts) must be +performed, so that the peers stay synchronized. +.PP +\&\fISSL_shutdown()\fR supports both uni- and bidirectional shutdown by its 2 step +behaviour. +.if n .Ip "When the application is the first party to send the """"close notify"""" alert, \fISSL_shutdown()\fR will only send the alert and the set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's """"close notify"""" shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 +.el .Ip "When the application is the first party to send the ``close notify'' alert, \fISSL_shutdown()\fR will only send the alert and the set the \s-1SSL_SENT_SHUTDOWN\s0 flag (so that the session is considered good and will be kept in cache). \fISSL_shutdown()\fR will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to \fISSL_shutdown()\fR is sufficient. In order to complete the bidirectional shutdown handshake, \fISSL_shutdown()\fR must be called again. The second call will make \fISSL_shutdown()\fR wait for the peer's ``close notify'' shutdown alert. On success, the second call to \fISSL_shutdown()\fR will return with 1." 4 +.IX Item "When the application is the first party to send the "close notify alert, SSL_shutdown() will only send the alert and the set the SSL_SENT_SHUTDOWN flag (so that the session is considered good and will be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional shutdown is enough (the underlying connection shall be closed anyway), this first call to SSL_shutdown() is sufficient. In order to complete the bidirectional shutdown handshake, SSL_shutdown() must be called again. The second call will make SSL_shutdown() wait for the peer's close notify shutdown alert. On success, the second call to SSL_shutdown() will return with 1." +.PD 0 +.if n .Ip "If the peer already sent the """"close notify"""" alert \fBand\fR it was already processed implicitly inside another function (SSL_read(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the """"close notify"""" alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also SSL_set_shutdown(3) call." 4 +.el .Ip "If the peer already sent the ``close notify'' alert \fBand\fR it was already processed implicitly inside another function (SSL_read(3)), the \s-1SSL_RECEIVED_SHUTDOWN\s0 flag is set. \fISSL_shutdown()\fR will send the ``close notify'' alert, set the \s-1SSL_SENT_SHUTDOWN\s0 flag and will immediately return with 1. Whether \s-1SSL_RECEIVED_SHUTDOWN\s0 is already set can be checked using the \fISSL_get_shutdown()\fR (see also SSL_set_shutdown(3) call." 4 +.IX Item "If the peer already sent the "close notify alert and it was already processed implicitly inside another function (SSL_read(3)), the SSL_RECEIVED_SHUTDOWN flag is set. SSL_shutdown() will send the close notify alert, set the SSL_SENT_SHUTDOWN flag and will immediately return with 1. Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the SSL_get_shutdown() (see also SSL_set_shutdown(3) call." +.PD +.PP +It is therefore recommended, to check the return value of \fISSL_shutdown()\fR +and call \fISSL_shutdown()\fR again, if the bidirectional shutdown is not yet +complete (return value of the first call is 0). As the shutdown is not +specially handled in the SSLv2 protocol, \fISSL_shutdown()\fR will succeed on +the first call. +.PP +The behaviour of \fISSL_shutdown()\fR additionally depends on the underlying \s-1BIO\s0. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_shutdown()\fR will only return once the +handshake step has been finished or an error occurred. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_shutdown()\fR will also return +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_shutdown()\fR +to continue the handshake. In this case a call to \fISSL_get_error()\fR with the +return value of \fISSL_shutdown()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. The calling process then must repeat the call after +taking appropriate action to satisfy the needs of \fISSL_shutdown()\fR. +The action depends on the underlying \s-1BIO\s0. When using a non-blocking socket, +nothing is to be done, but \fIselect()\fR can be used to check for the required +condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data must be written +into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +\&\fISSL_shutdown()\fR can be modified to only set the connection to \*(L"shutdown\*(R" +state but not actually send the \*(L"close notify\*(R" alert messages, +see SSL_CTX_set_quiet_shutdown(3). +When \*(L"quiet shutdown\*(R" is enabled, \fISSL_shutdown()\fR will always succeed +and return 1. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip "1" 4 +.IX Item "1" +The shutdown was successfully completed. The \*(L"close notify\*(R" alert was sent +and the peer's \*(L"close notify\*(R" alert was received. +.Ip "0" 4 +The shutdown is not yet finished. Call \fISSL_shutdown()\fR for a second time, +if a bidirectional shutdown shall be performed. +The output of SSL_get_error(3) may be misleading, as an +erroneous \s-1SSL_ERROR_SYSCALL\s0 may be flagged even though no error occurred. +.Ip "\-1" 4 +.IX Item "-1" +The shutdown was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. It can also occur if +action is need to continue the operation for non-blocking BIOs. +Call SSL_get_error(3) with the return value \fBret\fR +to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_error(3), SSL_connect(3), +SSL_accept(3), SSL_set_shutdown(3), +SSL_CTX_set_quiet_shutdown(3), +SSL_clear(3), SSL_free(3), +ssl(3), bio(3) diff --git a/secure/lib/libcrypto/man/SSL_state_string.3 b/secure/lib/libcrypto/man/SSL_state_string.3 new file mode 100644 index 0000000..ec018a0 --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_state_string.3 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:37 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_STATE_STRING 1" +.TH SSL_STATE_STRING 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& char *SSL_state_string(SSL *ssl); +\& char *SSL_state_string_long(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_state_string()\fR returns a 6 letter string indicating the current state +of the \s-1SSL\s0 object \fBssl\fR. +.PP +\&\fISSL_state_string_long()\fR returns a string indicating the current state of +the \s-1SSL\s0 object \fBssl\fR. +.SH "NOTES" +.IX Header "NOTES" +During its use, an \s-1SSL\s0 objects passes several states. The state is internally +maintained. Querying the state information is not very informative before +or when a connection has been established. It however can be of significant +interest during the handshake. +.PP +When using non-blocking sockets, the function call performing the handshake +may return with \s-1SSL_ERROR_WANT_READ\s0 or \s-1SSL_ERROR_WANT_WRITE\s0 condition, +so that SSL_state_string[_long]() may be called. +.PP +For both blocking or non-blocking sockets, the details state information +can be used within the info_callback function set with the +\&\fISSL_set_info_callback()\fR call. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +Detailed description of possible states to be included later. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_CTX_set_info_callback(3) diff --git a/secure/lib/libcrypto/man/SSL_want.3 b/secure/lib/libcrypto/man/SSL_want.3 new file mode 100644 index 0000000..a37f70f --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_want.3 @@ -0,0 +1,204 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:22:40 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_WANT 1" +.TH SSL_WANT 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 5 +\& int SSL_want(SSL *ssl); +\& int SSL_want_nothing(SSL *ssl); +\& int SSL_want_read(SSL *ssl); +\& int SSL_want_write(SSL *ssl); +\& int SSL_want_x509_lookup(SSL *ssl); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_want()\fR returns state information for the \s-1SSL\s0 object \fBssl\fR. +.PP +The other SSL_want_*() calls are shortcuts for the possible states returned +by \fISSL_want()\fR. +.SH "NOTES" +.IX Header "NOTES" +\&\fISSL_want()\fR examines the internal state information of the \s-1SSL\s0 object. Its +return values are similar to that of SSL_get_error(3). +Unlike SSL_get_error(3), which also evaluates the +error queue, the results are obtained by examining an internal state flag +only. The information must therefore only be used for normal operation under +non-blocking I/O. Error conditions are not handled and must be treated +using SSL_get_error(3). +.PP +The result returned by \fISSL_want()\fR should always be consistent with +the result of SSL_get_error(3). +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can currently occur for \fISSL_want()\fR: +.Ip "\s-1SSL_NOTHING\s0" 4 +.IX Item "SSL_NOTHING" +There is no data to be written or to be read. +.Ip "\s-1SSL_WRITING\s0" 4 +.IX Item "SSL_WRITING" +There are data in the \s-1SSL\s0 buffer that must be written to the underlying +\&\fB\s-1BIO\s0\fR layer in order to complete the actual SSL_*() operation. +A call to SSL_get_error(3) should return +\&\s-1SSL_ERROR_WANT_WRITE\s0. +.Ip "\s-1SSL_READING\s0" 4 +.IX Item "SSL_READING" +More data must be read from the underlying \fB\s-1BIO\s0\fR layer in order to +complete the actual SSL_*() operation. +A call to SSL_get_error(3) should return +\&\s-1SSL_ERROR_WANT_READ\s0. +.Ip "\s-1SSL_X509_LOOKUP\s0" 4 +.IX Item "SSL_X509_LOOKUP" +The operation did not complete because an application callback set by +\&\fISSL_CTX_set_client_cert_cb()\fR has asked to be called again. +A call to SSL_get_error(3) should return +\&\s-1SSL_ERROR_WANT_X509_LOOKUP\s0. +.PP +\&\fISSL_want_nothing()\fR, \fISSL_want_read()\fR, \fISSL_want_write()\fR, \fISSL_want_x509_lookup()\fR +return 1, when the corresponding condition is true or 0 otherwise. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), err(3), SSL_get_error(3) diff --git a/secure/lib/libcrypto/man/SSL_write.3 b/secure/lib/libcrypto/man/SSL_write.3 new file mode 100644 index 0000000..b2dba0b --- /dev/null +++ b/secure/lib/libcrypto/man/SSL_write.3 @@ -0,0 +1,232 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:46 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL_WRITE 1" +.TH SSL_WRITE 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 1 +\& int SSL_write(SSL *ssl, const void *buf, int num); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_write()\fR writes \fBnum\fR bytes from the buffer \fBbuf\fR into the specified +\&\fBssl\fR connection. +.SH "NOTES" +.IX Header "NOTES" +If necessary, \fISSL_write()\fR will negotiate a \s-1TLS/SSL\s0 session, if +not already explicitly performed by SSL_connect(3) or +SSL_accept(3). If the +peer requests a re-negotiation, it will be performed transparently during +the \fISSL_write()\fR operation. The behaviour of \fISSL_write()\fR depends on the +underlying \s-1BIO\s0. +.PP +For the transparent negotiation to succeed, the \fBssl\fR must have been +initialized to client or server mode. This is being done by calling +SSL_set_connect_state(3) or \fISSL_set_accept_state()\fR +before the first call to an SSL_read(3) or \fISSL_write()\fR function. +.PP +If the underlying \s-1BIO\s0 is \fBblocking\fR, \fISSL_write()\fR will only return, once the +write operation has been finished or an error occurred, except when a +renegotiation take place, in which case a \s-1SSL_ERROR_WANT_READ\s0 may occur. +This behaviour can be controlled with the \s-1SSL_MODE_AUTO_RETRY\s0 flag of the +SSL_CTX_set_mode(3) call. +.PP +If the underlying \s-1BIO\s0 is \fBnon-blocking\fR, \fISSL_write()\fR will also return, +when the underlying \s-1BIO\s0 could not satisfy the needs of \fISSL_write()\fR +to continue the operation. In this case a call to +SSL_get_error(3) with the +return value of \fISSL_write()\fR will yield \fB\s-1SSL_ERROR_WANT_READ\s0\fR or +\&\fB\s-1SSL_ERROR_WANT_WRITE\s0\fR. As at any time a re-negotiation is possible, a +call to \fISSL_write()\fR can also cause read operations! The calling process +then must repeat the call after taking appropriate action to satisfy the +needs of \fISSL_write()\fR. The action depends on the underlying \s-1BIO\s0. When using a +non-blocking socket, nothing is to be done, but \fIselect()\fR can be used to check +for the required condition. When using a buffering \s-1BIO\s0, like a \s-1BIO\s0 pair, data +must be written into or retrieved out of the \s-1BIO\s0 before being able to continue. +.PP +\&\fISSL_write()\fR will only return with success, when the complete contents +of \fBbuf\fR of length \fBnum\fR has been written. This default behaviour +can be changed with the \s-1SSL_MODE_ENABLE_PARTIAL_WRITE\s0 option of +SSL_CTX_set_mode(3). When this flag is set, +\&\fISSL_write()\fR will also return with success, when a partial write has been +successfully completed. In this case the \fISSL_write()\fR operation is considered +completed. The bytes are sent and a new \fISSL_write()\fR operation with a new +buffer (with the already sent bytes removed) must be started. +A partial write is performed with the size of a message block, which is +16kB for SSLv3/TLSv1. +.SH "WARNING" +.IX Header "WARNING" +When an \fISSL_write()\fR operation has to be repeated because of +\&\fB\s-1SSL_ERROR_WANT_READ\s0\fR or \fB\s-1SSL_ERROR_WANT_WRITE\s0\fR, it must be repeated +with the same arguments. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +The following return values can occur: +.Ip ">0" 4 +.IX Item ">0" +The write operation was successful, the return value is the number of +bytes actually written to the \s-1TLS/SSL\s0 connection. +.Ip "0" 4 +The write operation was not successful. Probably the underlying connection +was closed. Call \fISSL_get_error()\fR with the return value \fBret\fR to find out, +whether an error occurred or the connection was shut down cleanly +(\s-1SSL_ERROR_ZERO_RETURN\s0). +.Sp +SSLv2 (deprecated) does not support a shutdown alert protocol, so it can +only be detected, whether the underlying connection was closed. It cannot +be checked, why the closure happened. +.Ip "<0" 4 +.IX Item "<0" +The write operation was not successful, because either an error occurred +or action must be taken by the calling process. Call \fISSL_get_error()\fR with the +return value \fBret\fR to find out the reason. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +SSL_get_error(3), SSL_read(3), +SSL_CTX_set_mode(3), SSL_CTX_new(3), +SSL_connect(3), SSL_accept(3) +SSL_set_connect_state(3), +ssl(3), bio(3) diff --git a/secure/lib/libcrypto/man/asn1parse.1 b/secure/lib/libcrypto/man/asn1parse.1 new file mode 100644 index 0000000..b3acd10 --- /dev/null +++ b/secure/lib/libcrypto/man/asn1parse.1 @@ -0,0 +1,251 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:13:52 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ASN1PARSE 1" +.TH ASN1PARSE 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +asn1parse \- \s-1ASN\s0.1 parsing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBasn1parse\fR +[\fB\-inform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-noout\fR] +[\fB\-offset number\fR] +[\fB\-length number\fR] +[\fB\-i\fR] +[\fB\-oid filename\fR] +[\fB\-strparse offset\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBasn1parse\fR command is a diagnostic utility that can parse \s-1ASN\s0.1 +structures. It can also be used to extract data from \s-1ASN\s0.1 formatted data. +.SH "OPTIONS" +.IX Header "OPTIONS" +.Ip "\fB\-inform\fR \fBDER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +the input format. \fB\s-1DER\s0\fR is binary format and \fB\s-1PEM\s0\fR (the default) is base64 +encoded. +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +the input file, default is standard input +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +output file to place the \s-1DER\s0 encoded data into. If this +option is not present then no data will be output. This is most useful when +combined with the \fB\-strparse\fR option. +.Ip "\fB\-noout\fR" 4 +.IX Item "-noout" +don't output the parsed version of the input file. +.Ip "\fB\-offset number\fR" 4 +.IX Item "-offset number" +starting offset to begin parsing, default is start of file. +.Ip "\fB\-length number\fR" 4 +.IX Item "-length number" +number of bytes to parse, default is until end of file. +.Ip "\fB\-i\fR" 4 +.IX Item "-i" +indents the output according to the \*(L"depth\*(R" of the structures. +.Ip "\fB\-oid filename\fR" 4 +.IX Item "-oid filename" +a file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). The format of this +file is described in the \s-1NOTES\s0 section below. +.Ip "\fB\-strparse offset\fR" 4 +.IX Item "-strparse offset" +parse the contents octets of the \s-1ASN\s0.1 object starting at \fBoffset\fR. This +option can be used multiple times to \*(L"drill down\*(R" into a nested structure. +.Sh "\s-1OUTPUT\s0" +.IX Subsection "OUTPUT" +The output will typically contain lines like this: +.PP +.Vb 1 +\& 0:d=0 hl=4 l= 681 cons: SEQUENCE +.Ve +\&..... +.PP +.Vb 10 +\& 229:d=3 hl=3 l= 141 prim: BIT STRING +\& 373:d=2 hl=3 l= 162 cons: cont [ 3 ] +\& 376:d=3 hl=3 l= 159 cons: SEQUENCE +\& 379:d=4 hl=2 l= 29 cons: SEQUENCE +\& 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier +\& 386:d=5 hl=2 l= 22 prim: OCTET STRING +\& 410:d=4 hl=2 l= 112 cons: SEQUENCE +\& 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier +\& 417:d=5 hl=2 l= 105 prim: OCTET STRING +\& 524:d=4 hl=2 l= 12 cons: SEQUENCE +.Ve +\&..... +.PP +This example is part of a self signed certificate. Each line starts with the +offset in decimal. \fBd=XX\fR specifies the current depth. The depth is increased +within the scope of any \s-1SET\s0 or \s-1SEQUENCE\s0. \fBhl=XX\fR gives the header length +(tag and length octets) of the current type. \fBl=XX\fR gives the length of +the contents octets. +.PP +The \fB\-i\fR option can be used to make the output more readable. +.PP +Some knowledge of the \s-1ASN\s0.1 structure is needed to interpret the output. +.PP +In this example the \s-1BIT\s0 \s-1STRING\s0 at offset 229 is the certificate public key. +The contents octets of this will contain the public key information. This can +be examined using the option \fB\-strparse 229\fR to yield: +.PP +.Vb 3 +\& 0:d=0 hl=3 l= 137 cons: SEQUENCE +\& 3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897 +\& 135:d=1 hl=2 l= 3 prim: INTEGER :010001 +.Ve +.SH "NOTES" +.IX Header "NOTES" +If an \s-1OID\s0 is not part of OpenSSL's internal table it will be represented in +numerical form (for example 1.2.3.4). The file passed to the \fB\-oid\fR option +allows additional OIDs to be included. Each line consists of three columns, +the first column is the \s-1OID\s0 in numerical format and should be followed by white +space. The second column is the \*(L"short name\*(R" which is a single word followed +by white space. The final column is the rest of the line and is the +\&\*(L"long name\*(R". \fBasn1parse\fR displays the long name. Example: +.PP +\&\f(CW\*(C`1.2.3.4 shortName A long name\*(C'\fR +.SH "BUGS" +.IX Header "BUGS" +There should be options to change the format of input lines. The output of some +\&\s-1ASN\s0.1 types is not well handled (if at all). diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3 new file mode 100644 index 0000000..7bf902e --- /dev/null +++ b/secure/lib/libcrypto/man/bio.3 @@ -0,0 +1,190 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:48 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BIO 1" +.TH BIO 1 "perl v5.6.1" "2001-07-19" "User Contributed Perl Documentation" +.UC +.SH "NAME" +bio \- I/O abstraction +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bio.h> +.Ve +\&\s-1TBA\s0 +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +A \s-1BIO\s0 is an I/O abstraction, it hides many of the underlying I/O +details from an application. If an application uses a \s-1BIO\s0 for its +I/O it can transparently handle \s-1SSL\s0 connections, unencrypted network +connections and file I/O. +.PP +There are two type of \s-1BIO\s0, a source/sink \s-1BIO\s0 and a filter \s-1BIO\s0. +.PP +As its name implies a source/sink \s-1BIO\s0 is a source and/or sink of data, +examples include a socket \s-1BIO\s0 and a file \s-1BIO\s0. +.PP +A filter \s-1BIO\s0 takes data from one \s-1BIO\s0 and passes it through to +another, or the application. The data may be left unmodified (for +example a message digest \s-1BIO\s0) or translated (for example an +encryption \s-1BIO\s0). The effect of a filter \s-1BIO\s0 may change according +to the I/O operation it is performing: for example an encryption +\&\s-1BIO\s0 will encrypt data if it is being written to and decrypt data +if it is being read from. +.PP +BIOs can be joined together to form a chain (a single \s-1BIO\s0 is a chain +with one component). A chain normally consist of one source/sink +\&\s-1BIO\s0 and one or more filter BIOs. Data read from or written to the +first \s-1BIO\s0 then traverses the chain to the end (normally a source/sink +\&\s-1BIO\s0). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +BIO_ctrl(3), +BIO_f_base64(3), BIO_f_buffer(3), +BIO_f_cipher(3), BIO_f_md(3), +BIO_f_null(3), BIO_f_ssl(3), +BIO_find_type(3), BIO_new(3), +BIO_new_bio_pair(3), +BIO_push(3), BIO_read(3), +BIO_s_accept(3), BIO_s_bio(3), +BIO_s_connect(3), BIO_s_fd(3), +BIO_s_file(3), BIO_s_mem(3), +BIO_s_null(3), BIO_s_socket(3), +BIO_set_callback(3), +BIO_should_retry(3) diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3 new file mode 100644 index 0000000..607644b --- /dev/null +++ b/secure/lib/libcrypto/man/blowfish.3 @@ -0,0 +1,247 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:51 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BLOWFISH 1" +.TH BLOWFISH 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt, +BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options \- Blowfish encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/blowfish.h> +.Ve +.Vb 1 +\& void BF_set_key(BF_KEY *key, int len, const unsigned char *data); +.Ve +.Vb 10 +\& void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, +\& BF_KEY *key, int enc); +\& void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, unsigned char *ivec, int enc); +\& void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, unsigned char *ivec, int *num, +\& int enc); +\& void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, BF_KEY *schedule, unsigned char *ivec, int *num); +\& const char *BF_options(void); +.Ve +.Vb 2 +\& void BF_encrypt(BF_LONG *data,const BF_KEY *key); +\& void BF_decrypt(BF_LONG *data,const BF_KEY *key); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements the Blowfish cipher, which is invented and described +by Counterpane (see http://www.counterpane.com/blowfish.html ). +.PP +Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data. +It uses a variable size key, but typically, 128 bit (16 byte) keys are +a considered good for strong encryption. Blowfish can be used in the same +modes as \s-1DES\s0 (see des_modes(7)). Blowfish is currently one +of the faster block ciphers. It is quite a bit faster than \s-1DES\s0, and much +faster than \s-1IDEA\s0 or \s-1RC2\s0. +.PP +Blowfish consists of a key setup phase and the actual encryption or decryption +phase. +.PP +\&\fIBF_set_key()\fR sets up the \fB\s-1BF_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long key +at \fBdata\fR. +.PP +\&\fIBF_ecb_encrypt()\fR is the basic Blowfish encryption and decryption function. +It encrypts or decrypts the first 64 bits of \fBin\fR using the key \fBkey\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) +or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. The vector pointed at by +\&\fBin\fR and \fBout\fR must be 64 bits in length, no less. If they are larger, +everything after the first 64 bits is ignored. +.PP +The mode functions \fIBF_cbc_encrypt()\fR, \fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR +all operate on variable length data. They all take an initialization vector +\&\fBivec\fR which needs to be passed along into the next call of the same function +for the same message. \fBivec\fR may be initialized with anything, but the +recipient needs to know what it was initialized with, or it won't be able +to decrypt. Some programs and protocols simplify this, like \s-1SSH\s0, where +\&\fBivec\fR is simply initialized to zero. +\&\fIBF_cbc_encrypt()\fR operates of data that is a multiple of 8 bytes long, while +\&\fIBF_cfb64_encrypt()\fR and \fIBF_ofb64_encrypt()\fR are used to encrypt an variable +number of bytes (the amount does not have to be an exact multiple of 8). The +purpose of the latter two is to simulate stream ciphers, and therefore, they +need the parameter \fBnum\fR, which is a pointer to an integer where the current +offset in \fBivec\fR is stored between calls. This integer must be initialized +to zero when \fBivec\fR is initialized. +.PP +\&\fIBF_cbc_encrypt()\fR is the Cipher Block Chaining function for Blowfish. It +encrypts or decrypts the 64 bits chunks of \fBin\fR using the key \fBschedule\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\s-1BF_ENCRYPT\s0) or +decryption (\s-1BF_DECRYPT\s0) shall be performed. \fBivec\fR must point at an 8 byte +long initialization vector. +.PP +\&\fIBF_cfb64_encrypt()\fR is the \s-1CFB\s0 mode for Blowfish with 64 bit feedback. +It encrypts or decrypts the bytes in \fBin\fR using the key \fBschedule\fR, +putting the result in \fBout\fR. \fBenc\fR decides if encryption (\fB\s-1BF_ENCRYPT\s0\fR) +or decryption (\fB\s-1BF_DECRYPT\s0\fR) shall be performed. \fBivec\fR must point at an +8 byte long initialization vector. \fBnum\fR must point at an integer which must +be initially zero. +.PP +\&\fIBF_ofb64_encrypt()\fR is the \s-1OFB\s0 mode for Blowfish with 64 bit feedback. +It uses the same parameters as \fIBF_cfb64_encrypt()\fR, which must be initialized +the same way. +.PP +\&\fIBF_encrypt()\fR and \fIBF_decrypt()\fR are the lowest level functions for Blowfish +encryption. They encrypt/decrypt the first 64 bits of the vector pointed by +\&\fBdata\fR, using the key \fBkey\fR. These functions should not be used unless you +implement 'modes' of Blowfish. The alternative is to use \fIBF_ecb_encrypt()\fR. +If you still want to use these functions, you should be aware that they take +each 32\-bit chunk in host-byte order, which is little-endian on little-endian +platforms and big-endian on big-endian ones. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +None of the functions presented here return any value. +.SH "NOTE" +.IX Header "NOTE" +Applications should use the higher level functions +EVP_EncryptInit(3) etc. instead of calling the +blowfish functions directly. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +des_modes(7) +.SH "HISTORY" +.IX Header "HISTORY" +The Blowfish functions are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3 new file mode 100644 index 0000000..4e4bba2 --- /dev/null +++ b/secure/lib/libcrypto/man/bn.3 @@ -0,0 +1,300 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:53 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN 1" +.TH BN 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +bn \- multiprecision integer arithmetics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/bn.h> +.Ve +.Vb 5 +\& BIGNUM *BN_new(void); +\& void BN_free(BIGNUM *a); +\& void BN_init(BIGNUM *); +\& void BN_clear(BIGNUM *a); +\& void BN_clear_free(BIGNUM *a); +.Ve +.Vb 3 +\& BN_CTX *BN_CTX_new(void); +\& void BN_CTX_init(BN_CTX *c); +\& void BN_CTX_free(BN_CTX *c); +.Ve +.Vb 2 +\& BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +\& BIGNUM *BN_dup(const BIGNUM *a); +.Ve +.Vb 3 +\& int BN_num_bytes(const BIGNUM *a); +\& int BN_num_bits(const BIGNUM *a); +\& int BN_num_bits_word(BN_ULONG w); +.Ve +.Vb 13 +\& int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b); +\& int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +\& int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +\& int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, +\& BN_CTX *ctx); +\& int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); +\& int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); +\& int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, +\& BN_CTX *ctx); +\& int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); +\& int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, +\& const BIGNUM *m, BN_CTX *ctx); +\& int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +.Ve +.Vb 5 +\& int BN_add_word(BIGNUM *a, BN_ULONG w); +\& int BN_sub_word(BIGNUM *a, BN_ULONG w); +\& int BN_mul_word(BIGNUM *a, BN_ULONG w); +\& BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +\& BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +.Ve +.Vb 6 +\& int BN_cmp(BIGNUM *a, BIGNUM *b); +\& int BN_ucmp(BIGNUM *a, BIGNUM *b); +\& int BN_is_zero(BIGNUM *a); +\& int BN_is_one(BIGNUM *a); +\& int BN_is_word(BIGNUM *a, BN_ULONG w); +\& int BN_is_odd(BIGNUM *a); +.Ve +.Vb 5 +\& int BN_zero(BIGNUM *a); +\& int BN_one(BIGNUM *a); +\& BIGNUM *BN_value_one(void); +\& int BN_set_word(BIGNUM *a, unsigned long w); +\& unsigned long BN_get_word(BIGNUM *a); +.Ve +.Vb 4 +\& int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +\& int BN_rand_range(BIGNUM *rnd, BIGNUM *range); +\& int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); +.Ve +.Vb 4 +\& BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add, +\& BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); +\& int BN_is_prime(const BIGNUM *p, int nchecks, +\& void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg); +.Ve +.Vb 8 +\& int BN_set_bit(BIGNUM *a, int n); +\& int BN_clear_bit(BIGNUM *a, int n); +\& int BN_is_bit_set(const BIGNUM *a, int n); +\& int BN_mask_bits(BIGNUM *a, int n); +\& int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +\& int BN_lshift1(BIGNUM *r, BIGNUM *a); +\& int BN_rshift(BIGNUM *r, BIGNUM *a, int n); +\& int BN_rshift1(BIGNUM *r, BIGNUM *a); +.Ve +.Vb 10 +\& int BN_bn2bin(const BIGNUM *a, unsigned char *to); +\& BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); +\& char *BN_bn2hex(const BIGNUM *a); +\& char *BN_bn2dec(const BIGNUM *a); +\& int BN_hex2bn(BIGNUM **a, const char *str); +\& int BN_dec2bn(BIGNUM **a, const char *str); +\& int BN_print(BIO *fp, const BIGNUM *a); +\& int BN_print_fp(FILE *fp, const BIGNUM *a); +\& int BN_bn2mpi(const BIGNUM *a, unsigned char *to); +\& BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); +.Ve +.Vb 2 +\& BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, +\& BN_CTX *ctx); +.Ve +.Vb 6 +\& BN_RECP_CTX *BN_RECP_CTX_new(void); +\& void BN_RECP_CTX_init(BN_RECP_CTX *recp); +\& void BN_RECP_CTX_free(BN_RECP_CTX *recp); +\& int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx); +\& int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_RECP_CTX *recp, BN_CTX *ctx); +.Ve +.Vb 11 +\& BN_MONT_CTX *BN_MONT_CTX_new(void); +\& void BN_MONT_CTX_init(BN_MONT_CTX *ctx); +\& void BN_MONT_CTX_free(BN_MONT_CTX *mont); +\& int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx); +\& BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +\& int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, +\& BN_MONT_CTX *mont, BN_CTX *ctx); +\& int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +\& int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, +\& BN_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library performs arithmetic operations on integers of arbitrary +size. It was written for use in public key cryptography, such as \s-1RSA\s0 +and Diffie-Hellman. +.PP +It uses dynamic memory allocation for storing its data structures. +That means that there is no limit on the size of the numbers +manipulated by these functions, but return values must always be +checked in case a memory allocation error has occurred. +.PP +The basic object in this library is a \fB\s-1BIGNUM\s0\fR. It is used to hold a +single large integer. This type should be considered opaque and fields +should not be modified or accessed directly. +.PP +The creation of \fB\s-1BIGNUM\s0\fR objects is described in BN_new(3); +BN_add(3) describes most of the arithmetic operations. +Comparison is described in BN_cmp(3); BN_zero(3) +describes certain assignments, BN_rand(3) the generation of +random numbers, BN_generate_prime(3) deals with prime +numbers and BN_set_bit(3) with bit operations. The conversion +of \fB\s-1BIGNUM\s0\fRs to external formats is described in BN_bn2bin(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn_internal(3), +dh(3), err(3), rand(3), rsa(3), +BN_new(3), BN_CTX_new(3), +BN_copy(3), BN_num_bytes(3), +BN_add(3), BN_add_word(3), +BN_cmp(3), BN_zero(3), BN_rand(3), +BN_generate_prime(3), BN_set_bit(3), +BN_bn2bin(3), BN_mod_inverse(3), +BN_mod_mul_reciprocal(3), +BN_mod_mul_montgomery(3) diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3 new file mode 100644 index 0000000..245f380 --- /dev/null +++ b/secure/lib/libcrypto/man/bn_internal.3 @@ -0,0 +1,365 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:55 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BN_INTERNAL 1" +.TH BN_INTERNAL 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words, +bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8, +bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal, +bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive, +bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive, +bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top, +bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low \- \s-1BIGNUM\s0 +library internal functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 9 +\& BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); +\& BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, +\& BN_ULONG w); +\& void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num); +\& BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); +\& BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp, +\& int num); +\& BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp, +\& int num); +.Ve +.Vb 4 +\& void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); +\& void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b); +\& void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a); +\& void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a); +.Ve +.Vb 1 +\& int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n); +.Ve +.Vb 11 +\& void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, +\& int nb); +\& void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n); +\& void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, +\& BN_ULONG *tmp); +\& void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, +\& int tn, int n, BN_ULONG *tmp); +\& void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, +\& int n2, BN_ULONG *tmp); +\& void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, +\& int n2, BN_ULONG *tmp); +.Ve +.Vb 2 +\& void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp); +\& void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp); +.Ve +.Vb 3 +\& void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c); +\& void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c); +\& void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a); +.Ve +.Vb 4 +\& BIGNUM *bn_expand(BIGNUM *a, int bits); +\& BIGNUM *bn_wexpand(BIGNUM *a, int n); +\& BIGNUM *bn_expand2(BIGNUM *a, int n); +\& void bn_fix_top(BIGNUM *a); +.Ve +.Vb 6 +\& void bn_check_top(BIGNUM *a); +\& void bn_print(BIGNUM *a); +\& void bn_dump(BN_ULONG *d, int n); +\& void bn_set_max(BIGNUM *a); +\& void bn_set_high(BIGNUM *r, BIGNUM *a, int n); +\& void bn_set_low(BIGNUM *r, BIGNUM *a, int n); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This page documents the internal functions used by the OpenSSL +\&\fB\s-1BIGNUM\s0\fR implementation. They are described here to facilitate +debugging and extending the library. They are \fInot\fR to be used by +applications. +.Sh "The \s-1BIGNUM\s0 structure" +.IX Subsection "The BIGNUM structure" +.Vb 7 +\& typedef struct bignum_st +\& { +\& int top; /* index of last used d (most significant word) */ +\& BN_ULONG *d; /* pointer to an array of 'BITS2' bit chunks */ +\& int max; /* size of the d array */ +\& int neg; /* sign */ +\& } BIGNUM; +.Ve +The big number is stored in \fBd\fR, a \fImalloc()\fRed array of \fB\s-1BN_ULONG\s0\fRs, +least significant first. A \fB\s-1BN_ULONG\s0\fR can be either 16, 32 or 64 bits +in size (\fB\s-1BITS2\s0\fR), depending on the 'number of bits' specified in +\&\f(CW\*(C`openssl/bn.h\*(C'\fR. +.PP +\&\fBmax\fR is the size of the \fBd\fR array that has been allocated. \fBtop\fR +is the 'last' entry being used, so for a value of 4, bn.d[0]=4 and +bn.top=1. \fBneg\fR is 1 if the number is negative. When a \fB\s-1BIGNUM\s0\fR is +\&\fB0\fR, the \fBd\fR field can be \fB\s-1NULL\s0\fR and \fBtop\fR == \fB0\fR. +.PP +Various routines in this library require the use of temporary +\&\fB\s-1BIGNUM\s0\fR variables during their execution. Since dynamic memory +allocation to create \fB\s-1BIGNUM\s0\fRs is rather expensive when used in +conjunction with repeated subroutine calls, the \fB\s-1BN_CTX\s0\fR structure is +used. This structure contains \fB\s-1BN_CTX_NUM\s0\fR \fB\s-1BIGNUM\s0\fRs, see +BN_CTX_start(3). +.Sh "Low-level arithmetic operations" +.IX Subsection "Low-level arithmetic operations" +These functions are implemented in C and for several platforms in +assembly language: +.PP +bn_mul_words(\fBrp\fR, \fBap\fR, \fBnum\fR, \fBw\fR) operates on the \fBnum\fR word +arrays \fBrp\fR and \fBap\fR. It computes \fBap\fR * \fBw\fR, places the result +in \fBrp\fR, and returns the high word (carry). +.PP +bn_mul_add_words(\fBrp\fR, \fBap\fR, \fBnum\fR, \fBw\fR) operates on the \fBnum\fR +word arrays \fBrp\fR and \fBap\fR. It computes \fBap\fR * \fBw\fR + \fBrp\fR, places +the result in \fBrp\fR, and returns the high word (carry). +.PP +bn_sqr_words(\fBrp\fR, \fBap\fR, \fBn\fR) operates on the \fBnum\fR word array +\&\fBap\fR and the 2*\fBnum\fR word array \fBap\fR. It computes \fBap\fR * \fBap\fR +word-wise, and places the low and high bytes of the result in \fBrp\fR. +.PP +bn_div_words(\fBh\fR, \fBl\fR, \fBd\fR) divides the two word number (\fBh\fR,\fBl\fR) +by \fBd\fR and returns the result. +.PP +bn_add_words(\fBrp\fR, \fBap\fR, \fBbp\fR, \fBnum\fR) operates on the \fBnum\fR word +arrays \fBap\fR, \fBbp\fR and \fBrp\fR. It computes \fBap\fR + \fBbp\fR, places the +result in \fBrp\fR, and returns the high word (carry). +.PP +bn_sub_words(\fBrp\fR, \fBap\fR, \fBbp\fR, \fBnum\fR) operates on the \fBnum\fR word +arrays \fBap\fR, \fBbp\fR and \fBrp\fR. It computes \fBap\fR \- \fBbp\fR, places the +result in \fBrp\fR, and returns the carry (1 if \fBbp\fR > \fBap\fR, 0 +otherwise). +.PP +bn_mul_comba4(\fBr\fR, \fBa\fR, \fBb\fR) operates on the 4 word arrays \fBa\fR and +\&\fBb\fR and the 8 word array \fBr\fR. It computes \fBa\fR*\fBb\fR and places the +result in \fBr\fR. +.PP +bn_mul_comba8(\fBr\fR, \fBa\fR, \fBb\fR) operates on the 8 word arrays \fBa\fR and +\&\fBb\fR and the 16 word array \fBr\fR. It computes \fBa\fR*\fBb\fR and places the +result in \fBr\fR. +.PP +bn_sqr_comba4(\fBr\fR, \fBa\fR, \fBb\fR) operates on the 4 word arrays \fBa\fR and +\&\fBb\fR and the 8 word array \fBr\fR. +.PP +bn_sqr_comba8(\fBr\fR, \fBa\fR, \fBb\fR) operates on the 8 word arrays \fBa\fR and +\&\fBb\fR and the 16 word array \fBr\fR. +.PP +The following functions are implemented in C: +.PP +bn_cmp_words(\fBa\fR, \fBb\fR, \fBn\fR) operates on the \fBn\fR word arrays \fBa\fR +and \fBb\fR. It returns 1, 0 and \-1 if \fBa\fR is greater than, equal and +less than \fBb\fR. +.PP +bn_mul_normal(\fBr\fR, \fBa\fR, \fBna\fR, \fBb\fR, \fBnb\fR) operates on the \fBna\fR +word array \fBa\fR, the \fBnb\fR word array \fBb\fR and the \fBna\fR+\fBnb\fR word +array \fBr\fR. It computes \fBa\fR*\fBb\fR and places the result in \fBr\fR. +.PP +bn_mul_low_normal(\fBr\fR, \fBa\fR, \fBb\fR, \fBn\fR) operates on the \fBn\fR word +arrays \fBr\fR, \fBa\fR and \fBb\fR. It computes the \fBn\fR low words of +\&\fBa\fR*\fBb\fR and places the result in \fBr\fR. +.PP +bn_mul_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBt\fR) operates on the \fBn2\fR +word arrays \fBa\fR and \fBb\fR and the 2*\fBn2\fR word arrays \fBr\fR and \fBt\fR. +\&\fBn2\fR must be a power of 2. It computes \fBa\fR*\fBb\fR and places the +result in \fBr\fR. +.PP +bn_mul_part_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBtn\fR, \fBn\fR, \fBtmp\fR) operates +on the \fBn\fR+\fBtn\fR word arrays \fBa\fR and \fBb\fR and the 4*\fBn\fR word arrays +\&\fBr\fR and \fBtmp\fR. +.PP +bn_mul_low_recursive(\fBr\fR, \fBa\fR, \fBb\fR, \fBn2\fR, \fBtmp\fR) operates on the +\&\fBn2\fR word arrays \fBr\fR and \fBtmp\fR and the \fBn2\fR/2 word arrays \fBa\fR +and \fBb\fR. +.PP +bn_mul_high(\fBr\fR, \fBa\fR, \fBb\fR, \fBl\fR, \fBn2\fR, \fBtmp\fR) operates on the +\&\fBn2\fR word arrays \fBr\fR, \fBa\fR, \fBb\fR and \fBl\fR (?) and the 3*\fBn2\fR word +array \fBtmp\fR. +.PP +\&\fIBN_mul()\fR calls \fIbn_mul_normal()\fR, or an optimized implementation if the +factors have the same size: \fIbn_mul_comba8()\fR is used if they are 8 +words long, \fIbn_mul_recursive()\fR if they are larger than +\&\fB\s-1BN_MULL_SIZE_NORMAL\s0\fR and the size is an exact multiple of the word +size, and \fIbn_mul_part_recursive()\fR for others that are larger than +\&\fB\s-1BN_MULL_SIZE_NORMAL\s0\fR. +.PP +bn_sqr_normal(\fBr\fR, \fBa\fR, \fBn\fR, \fBtmp\fR) operates on the \fBn\fR word array +\&\fBa\fR and the 2*\fBn\fR word arrays \fBtmp\fR and \fBr\fR. +.PP +The implementations use the following macros which, depending on the +architecture, may use \*(L"long long\*(R" C operations or inline assembler. +They are defined in \f(CW\*(C`bn_lcl.h\*(C'\fR. +.PP +mul(\fBr\fR, \fBa\fR, \fBw\fR, \fBc\fR) computes \fBw\fR*\fBa\fR+\fBc\fR and places the +low word of the result in \fBr\fR and the high word in \fBc\fR. +.PP +mul_add(\fBr\fR, \fBa\fR, \fBw\fR, \fBc\fR) computes \fBw\fR*\fBa\fR+\fBr\fR+\fBc\fR and +places the low word of the result in \fBr\fR and the high word in \fBc\fR. +.PP +sqr(\fBr0\fR, \fBr1\fR, \fBa\fR) computes \fBa\fR*\fBa\fR and places the low word +of the result in \fBr0\fR and the high word in \fBr1\fR. +.Sh "Size changes" +.IX Subsection "Size changes" +\&\fIbn_expand()\fR ensures that \fBb\fR has enough space for a \fBbits\fR bit +number. \fIbn_wexpand()\fR ensures that \fBb\fR has enough space for an +\&\fBn\fR word number. If the number has to be expanded, both macros +call \fIbn_expand2()\fR, which allocates a new \fBd\fR array and copies the +data. They return \fB\s-1NULL\s0\fR on error, \fBb\fR otherwise. +.PP +The \fIbn_fix_top()\fR macro reduces \fBa->top\fR to point to the most +significant non-zero word when \fBa\fR has shrunk. +.Sh "Debugging" +.IX Subsection "Debugging" +\&\fIbn_check_top()\fR verifies that \f(CW\*(C`((a)\->top >= 0 && (a)\->top +<= (a)\->max)\*(C'\fR. A violation will cause the program to abort. +.PP +\&\fIbn_print()\fR prints \fBa\fR to stderr. \fIbn_dump()\fR prints \fBn\fR words at \fBd\fR +(in reverse order, i.e. most significant word first) to stderr. +.PP +\&\fIbn_set_max()\fR makes \fBa\fR a static number with a \fBmax\fR of its current size. +This is used by \fIbn_set_low()\fR and \fIbn_set_high()\fR to make \fBr\fR a read-only +\&\fB\s-1BIGNUM\s0\fR that contains the \fBn\fR low or high words of \fBa\fR. +.PP +If \fB\s-1BN_DEBUG\s0\fR is not defined, \fIbn_check_top()\fR, \fIbn_print()\fR, \fIbn_dump()\fR +and \fIbn_set_max()\fR are defined as empty macros. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3) diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3 new file mode 100644 index 0000000..3dee989 --- /dev/null +++ b/secure/lib/libcrypto/man/buffer.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:18:59 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "BUFFER 1" +.TH BUFFER 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple +character arrays structure +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/buffer.h> +.Ve +.Vb 1 +\& BUF_MEM *BUF_MEM_new(void); +.Ve +.Vb 1 +\& void BUF_MEM_free(BUF_MEM *a); +.Ve +.Vb 1 +\& int BUF_MEM_grow(BUF_MEM *str, int len); +.Ve +.Vb 1 +\& char * BUF_strdup(const char *str); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The buffer library handles simple character arrays. Buffers are used for +various purposes in the library, most notably memory BIOs. +.PP +The library uses the \s-1BUF_MEM\s0 structure defined in buffer.h: +.PP +.Vb 6 +\& typedef struct buf_mem_st +\& { +\& int length; /* current number of bytes */ +\& char *data; +\& int max; /* size of buffer */ +\& } BUF_MEM; +.Ve +\&\fBlength\fR is the current size of the buffer in bytes, \fBmax\fR is the amount of +memory allocated to the buffer. There are three functions which handle these +and one \*(L"miscellaneous\*(R" function. +.PP +\&\fIBUF_MEM_new()\fR allocates a new buffer of zero size. +.PP +\&\fIBUF_MEM_free()\fR frees up an already existing buffer. The data is zeroed +before freeing up in case the buffer contains sensitive data. +.PP +\&\fIBUF_MEM_grow()\fR changes the size of an already existing buffer to +\&\fBlen\fR. Any data already in the buffer is preserved if it increases in +size. +.PP +\&\fIBUF_strdup()\fR copies a null terminated string into a block of allocated +memory and returns a pointer to the allocated block. +Unlike the standard C library \fIstrdup()\fR this function uses \fIOPENSSL_malloc()\fR and so +should be used in preference to the standard library \fIstrdup()\fR because it can +be used for memory leak checking or replacing the \fImalloc()\fR function. +.PP +The memory allocated from \fIBUF_strdup()\fR should be freed up using the \fIOPENSSL_free()\fR +function. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIBUF_MEM_new()\fR returns the buffer or \s-1NULL\s0 on error. +.PP +\&\fIBUF_MEM_free()\fR has no return value. +.PP +\&\fIBUF_MEM_grow()\fR returns zero on error or the new size (i.e. \fBlen\fR). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIBUF_MEM_new()\fR, \fIBUF_MEM_free()\fR and \fIBUF_MEM_grow()\fR are available in all +versions of SSLeay and OpenSSL. \fIBUF_strdup()\fR was added in SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/ca.1 b/secure/lib/libcrypto/man/ca.1 new file mode 100644 index 0000000..7f1f5ec --- /dev/null +++ b/secure/lib/libcrypto/man/ca.1 @@ -0,0 +1,587 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:13:55 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "CA 1" +.TH CA 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +ca \- sample minimal \s-1CA\s0 application +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBca\fR +[\fB\-verbose\fR] +[\fB\-config filename\fR] +[\fB\-name section\fR] +[\fB\-gencrl\fR] +[\fB\-revoke file\fR] +[\fB\-crldays days\fR] +[\fB\-crlhours hours\fR] +[\fB\-crlexts section\fR] +[\fB\-startdate date\fR] +[\fB\-enddate date\fR] +[\fB\-days arg\fR] +[\fB\-md arg\fR] +[\fB\-policy arg\fR] +[\fB\-keyfile arg\fR] +[\fB\-key arg\fR] +[\fB\-passin arg\fR] +[\fB\-cert file\fR] +[\fB\-in file\fR] +[\fB\-out file\fR] +[\fB\-notext\fR] +[\fB\-outdir dir\fR] +[\fB\-infiles\fR] +[\fB\-spkac file\fR] +[\fB\-ss_cert file\fR] +[\fB\-preserveDN\fR] +[\fB\-batch\fR] +[\fB\-msie_hack\fR] +[\fB\-extensions section\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBca\fR command is a minimal \s-1CA\s0 application. It can be used +to sign certificate requests in a variety of forms and generate +CRLs it also maintains a text database of issued certificates +and their status. +.PP +The options descriptions will be divided into each purpose. +.SH "CA OPTIONS" +.IX Header "CA OPTIONS" +.Ip "\fB\-config filename\fR" 4 +.IX Item "-config filename" +specifies the configuration file to use. +.Ip "\fB\-name section\fR" 4 +.IX Item "-name section" +specifies the configuration file section to use (overrides +\&\fBdefault_ca\fR in the \fBca\fR section). +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +an input filename containing a single certificate request to be +signed by the \s-1CA\s0. +.Ip "\fB\-ss_cert filename\fR" 4 +.IX Item "-ss_cert filename" +a single self signed certificate to be signed by the \s-1CA\s0. +.Ip "\fB\-spkac filename\fR" 4 +.IX Item "-spkac filename" +a file containing a single Netscape signed public key and challenge +and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1NOTES\s0\fR +section for information on the required format. +.Ip "\fB\-infiles\fR" 4 +.IX Item "-infiles" +if present this should be the last option, all subsequent arguments +are assumed to the the names of files containing certificate requests. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +the output file to output certificates to. The default is standard +output. The certificate details will also be printed out to this +file. +.Ip "\fB\-outdir directory\fR" 4 +.IX Item "-outdir directory" +the directory to output certificates to. The certificate will be +written to a filename consisting of the serial number in hex with +\&\*(L".pem\*(R" appended. +.Ip "\fB\-cert\fR" 4 +.IX Item "-cert" +the \s-1CA\s0 certificate file. +.Ip "\fB\-keyfile filename\fR" 4 +.IX Item "-keyfile filename" +the private key to sign requests with. +.Ip "\fB\-key password\fR" 4 +.IX Item "-key password" +the password used to encrypt the private key. Since on some +systems the command line arguments are visible (e.g. Unix with +the 'ps' utility) this option should be used with caution. +.Ip "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +the key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). +=item \fB\-verbose\fR +.Sp +this prints extra details about the operations being performed. +.Ip "\fB\-notext\fR" 4 +.IX Item "-notext" +don't output the text form of a certificate to the output file. +.Ip "\fB\-startdate date\fR" 4 +.IX Item "-startdate date" +this allows the start date to be explicitly set. The format of the +date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). +.Ip "\fB\-enddate date\fR" 4 +.IX Item "-enddate date" +this allows the expiry date to be explicitly set. The format of the +date is \s-1YYMMDDHHMMSSZ\s0 (the same as an \s-1ASN1\s0 UTCTime structure). +.Ip "\fB\-days arg\fR" 4 +.IX Item "-days arg" +the number of days to certify the certificate for. +.Ip "\fB\-md alg\fR" 4 +.IX Item "-md alg" +the message digest to use. Possible values include md5, sha1 and mdc2. +This option also applies to CRLs. +.Ip "\fB\-policy arg\fR" 4 +.IX Item "-policy arg" +this option defines the \s-1CA\s0 \*(L"policy\*(R" to use. This is a section in +the configuration file which decides which fields should be mandatory +or match the \s-1CA\s0 certificate. Check out the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section +for more information. +.Ip "\fB\-msie_hack\fR" 4 +.IX Item "-msie_hack" +this is a legacy option to make \fBca\fR work with very old versions of +the \s-1IE\s0 certificate enrollment control \*(L"certenr3\*(R". It used UniversalStrings +for almost everything. Since the old control has various security bugs +its use is strongly discouraged. The newer control \*(L"Xenroll\*(R" does not +need this option. +.Ip "\fB\-preserveDN\fR" 4 +.IX Item "-preserveDN" +Normally the \s-1DN\s0 order of a certificate is the same as the order of the +fields in the relevant policy section. When this option is set the order +is the same as the request. This is largely for compatibility with the +older \s-1IE\s0 enrollment control which would only accept certificates if their +DNs match the order of the request. This is not needed for Xenroll. +.Ip "\fB\-batch\fR" 4 +.IX Item "-batch" +this sets the batch mode. In this mode no questions will be asked +and all certificates will be certified automatically. +.Ip "\fB\-extensions section\fR" 4 +.IX Item "-extensions section" +the section of the configuration file containing certificate extensions +to be added when a certificate is issued. If no extension section is +present then a V1 certificate is created. If the extension section +is present (even if it is empty) then a V3 certificate is created. +.SH "CRL OPTIONS" +.IX Header "CRL OPTIONS" +.Ip "\fB\-gencrl\fR" 4 +.IX Item "-gencrl" +this option generates a \s-1CRL\s0 based on information in the index file. +.Ip "\fB\-crldays num\fR" 4 +.IX Item "-crldays num" +the number of days before the next \s-1CRL\s0 is due. That is the days from +now to place in the \s-1CRL\s0 nextUpdate field. +.Ip "\fB\-crlhours num\fR" 4 +.IX Item "-crlhours num" +the number of hours before the next \s-1CRL\s0 is due. +.Ip "\fB\-revoke filename\fR" 4 +.IX Item "-revoke filename" +a filename containing a certificate to revoke. +.Ip "\fB\-crlexts section\fR" 4 +.IX Item "-crlexts section" +the section of the configuration file containing \s-1CRL\s0 extensions to +include. If no \s-1CRL\s0 extension section is present then a V1 \s-1CRL\s0 is +created, if the \s-1CRL\s0 extension section is present (even if it is +empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are +\&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted +that some software (for example Netscape) can't handle V2 CRLs. +.SH "CONFIGURATION FILE OPTIONS" +.IX Header "CONFIGURATION FILE OPTIONS" +The section of the configuration file containing options for \fBca\fR +is found as follows: If the \fB\-name\fR command line option is used, +then it names the section to be used. Otherwise the section to +be used must be named in the \fBdefault_ca\fR option of the \fBca\fR section +of the configuration file (or in the default section of the +configuration file). Besides \fBdefault_ca\fR, the following options are +read directly from the \fBca\fR section: + \s-1RANDFILE\s0 + preserve + msie_hack +With the exception of \fB\s-1RANDFILE\s0\fR, this is probably a bug and may +change in future releases. +.PP +Many of the configuration file options are identical to command line +options. Where the option is present in the configuration file +and the command line the command line value is used. Where an +option is described as mandatory then it must be present in +the configuration file or the command line equivalent (if +any) used. +.Ip "\fBoid_file\fR" 4 +.IX Item "oid_file" +This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. +.Ip "\fBoid_section\fR" 4 +.IX Item "oid_section" +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by \fB=\fR and the numerical form. The short +and long names are the same when this option is used. +.Ip "\fBnew_certs_dir\fR" 4 +.IX Item "new_certs_dir" +the same as the \fB\-outdir\fR command line option. It specifies +the directory where new certificates will be placed. Mandatory. +.Ip "\fBcertificate\fR" 4 +.IX Item "certificate" +the same as \fB\-cert\fR. It gives the file containing the \s-1CA\s0 +certificate. Mandatory. +.Ip "\fBprivate_key\fR" 4 +.IX Item "private_key" +same as the \fB\-keyfile\fR option. The file containing the +\&\s-1CA\s0 private key. Mandatory. +.Ip "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +a file used to read and write random number seed information, or +an \s-1EGD\s0 socket (see RAND_egd(3)). +.Ip "\fBdefault_days\fR" 4 +.IX Item "default_days" +the same as the \fB\-days\fR option. The number of days to certify +a certificate for. +.Ip "\fBdefault_startdate\fR" 4 +.IX Item "default_startdate" +the same as the \fB\-startdate\fR option. The start date to certify +a certificate for. If not set the current time is used. +.Ip "\fBdefault_enddate\fR" 4 +.IX Item "default_enddate" +the same as the \fB\-enddate\fR option. Either this option or +\&\fBdefault_days\fR (or the command line equivalents) must be +present. +.Ip "\fBdefault_crl_hours default_crl_days\fR" 4 +.IX Item "default_crl_hours default_crl_days" +the same as the \fB\-crlhours\fR and the \fB\-crldays\fR options. These +will only be used if neither command line option is present. At +least one of these must be present to generate a \s-1CRL\s0. +.Ip "\fBdefault_md\fR" 4 +.IX Item "default_md" +the same as the \fB\-md\fR option. The message digest to use. Mandatory. +.Ip "\fBdatabase\fR" 4 +.IX Item "database" +the text database file to use. Mandatory. This file must be present +though initially it will be empty. +.Ip "\fBserialfile\fR" 4 +.IX Item "serialfile" +a text file containing the next serial number to use in hex. Mandatory. +This file must be present and contain a valid serial number. +.Ip "\fBx509_extensions\fR" 4 +.IX Item "x509_extensions" +the same as \fB\-extensions\fR. +.Ip "\fBcrl_extensions\fR" 4 +.IX Item "crl_extensions" +the same as \fB\-crlexts\fR. +.Ip "\fBpreserve\fR" 4 +.IX Item "preserve" +the same as \fB\-preserveDN\fR +.Ip "\fBmsie_hack\fR" 4 +.IX Item "msie_hack" +the same as \fB\-msie_hack\fR +.Ip "\fBpolicy\fR" 4 +.IX Item "policy" +the same as \fB\-policy\fR. Mandatory. See the \fB\s-1POLICY\s0 \s-1FORMAT\s0\fR section +for more information. +.SH "POLICY FORMAT" +.IX Header "POLICY FORMAT" +The policy section consists of a set of variables corresponding to +certificate \s-1DN\s0 fields. If the value is \*(L"match\*(R" then the field value +must match the same field in the \s-1CA\s0 certificate. If the value is +\&\*(L"supplied\*(R" then it must be present. If the value is \*(L"optional\*(R" then +it may be present. Any fields not mentioned in the policy section +are silently deleted, unless the \fB\-preserveDN\fR option is set but +this can be regarded more of a quirk than intended behaviour. +.SH "SPKAC FORMAT" +.IX Header "SPKAC FORMAT" +The input to the \fB\-spkac\fR command line option is a Netscape +signed public key and challenge. This will usually come from +the \fB\s-1KEYGEN\s0\fR tag in an \s-1HTML\s0 form to create a new private key. +It is however possible to create SPKACs using the \fBspkac\fR utility. +.PP +The file should contain the variable \s-1SPKAC\s0 set to the value of +the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs. +If you need to include the same component twice then it can be +preceded by a number and a '.'. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Note: these examples assume that the \fBca\fR directory structure is +already set up and the relevant files already exist. This usually +involves creating a \s-1CA\s0 certificate and private key with \fBreq\fR, a +serial number file and an empty index file and placing them in +the relevant directories. +.PP +To use the sample configuration file below the directories demoCA, +demoCA/private and demoCA/newcerts would be created. The \s-1CA\s0 +certificate would be copied to demoCA/cacert.pem and its private +key to demoCA/private/cakey.pem. A file demoCA/serial would be +created containing for example \*(L"01\*(R" and the empty index file +demoCA/index.txt. +.PP +Sign a certificate request: +.PP +.Vb 1 +\& openssl ca -in req.pem -out newcert.pem +.Ve +Sign a certificate request, using \s-1CA\s0 extensions: +.PP +.Vb 1 +\& openssl ca -in req.pem -extensions v3_ca -out newcert.pem +.Ve +Generate a \s-1CRL\s0 +.PP +.Vb 1 +\& openssl ca -gencrl -out crl.pem +.Ve +Sign several requests: +.PP +.Vb 1 +\& openssl ca -infiles req1.pem req2.pem req3.pem +.Ve +Certify a Netscape \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl ca -spkac spkac.txt +.Ve +A sample \s-1SPKAC\s0 file (the \s-1SPKAC\s0 line has been truncated for clarity): +.PP +.Vb 5 +\& SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5 +\& CN=Steve Test +\& emailAddress=steve@openssl.org +\& 0.OU=OpenSSL Group +\& 1.OU=Another Group +.Ve +A sample configuration file with the relevant sections for \fBca\fR: +.PP +.Vb 2 +\& [ ca ] +\& default_ca = CA_default # The default ca section +.Ve +.Vb 1 +\& [ CA_default ] +.Ve +.Vb 3 +\& dir = ./demoCA # top dir +\& database = $dir/index.txt # index file. +\& new_certs_dir = $dir/newcerts # new certs dir +.Ve +.Vb 4 +\& certificate = $dir/cacert.pem # The CA cert +\& serial = $dir/serial # serial no file +\& private_key = $dir/private/cakey.pem# CA private key +\& RANDFILE = $dir/private/.rand # random number file +.Ve +.Vb 3 +\& default_days = 365 # how long to certify for +\& default_crl_days= 30 # how long before next CRL +\& default_md = md5 # md to use +.Ve +.Vb 1 +\& policy = policy_any # default policy +.Ve +.Vb 7 +\& [ policy_any ] +\& countryName = supplied +\& stateOrProvinceName = optional +\& organizationName = optional +\& organizationalUnitName = optional +\& commonName = supplied +\& emailAddress = optional +.Ve +.SH "WARNINGS" +.IX Header "WARNINGS" +The \fBca\fR command is quirky and at times downright unfriendly. +.PP +The \fBca\fR utility was originally meant as an example of how to do things +in a \s-1CA\s0. It was not supposed be be used as a full blown \s-1CA\s0 itself: +nevertheless some people are using it for this purpose. +.PP +The \fBca\fR command is effectively a single user command: no locking is +done on the various files and attempts to run more than one \fBca\fR command +on the same database can have unpredictable results. +.SH "FILES" +.IX Header "FILES" +Note: the location of all files can change either by compile time options, +configuration file entries, environment variables or command line options. +The values below reflect the default values. +.PP +.Vb 10 +\& /usr/local/ssl/lib/openssl.cnf - master configuration file +\& ./demoCA - main CA directory +\& ./demoCA/cacert.pem - CA certificate +\& ./demoCA/private/cakey.pem - CA private key +\& ./demoCA/serial - CA serial number file +\& ./demoCA/serial.old - CA serial number backup file +\& ./demoCA/index.txt - CA text database file +\& ./demoCA/index.txt.old - CA text database backup file +\& ./demoCA/certs - certificate output file +\& ./demoCA/.rnd - CA random seed information +.Ve +.SH "ENVIRONMENT VARIABLES" +.IX Header "ENVIRONMENT VARIABLES" +\&\fB\s-1OPENSSL_CONF\s0\fR reflects the location of master configuration file it can +be overridden by the \fB\-config\fR command line option. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +The text database index file is a critical part of the process and +if corrupted it can be difficult to fix. It is theoretically possible +to rebuild the index file from all the issued certificates and a current +\&\s-1CRL:\s0 however there is no option to do this. +.PP +\&\s-1CRL\s0 entry extensions cannot currently be created: only \s-1CRL\s0 extensions +can be added. +.PP +V2 \s-1CRL\s0 features like delta \s-1CRL\s0 support and \s-1CRL\s0 numbers are not currently +supported. +.PP +Although several requests can be input and handled at once it is only +possible to include one \s-1SPKAC\s0 or self signed certificate. +.SH "BUGS" +.IX Header "BUGS" +The use of an in memory text database can cause problems when large +numbers of certificates are present because, as the name implies +the database has to be kept in memory. +.PP +Certificate request extensions are ignored: some kind of \*(L"policy\*(R" should +be included to use certain static extensions and certain extensions +from the request. +.PP +It is not possible to certify two certificates with the same \s-1DN:\s0 this +is a side effect of how the text database is indexed and it cannot easily +be fixed without introducing other problems. Some S/MIME clients can use +two certificates with the same \s-1DN\s0 for separate signing and encryption +keys. +.PP +The \fBca\fR command really needs rewriting or the required functionality +exposed at either a command or interface level so a more friendly utility +(perl script or \s-1GUI\s0) can handle things properly. The scripts \fB\s-1CA\s0.sh\fR and +\&\fB\s-1CA\s0.pl\fR help a little but not very much. +.PP +Any fields in a request that are not present in a policy are silently +deleted. This does not happen if the \fB\-preserveDN\fR option is used but +the extra fields are not displayed when the user is asked to certify +a request. The behaviour should be more friendly and configurable. +.PP +Cancelling some commands by refusing to certify a certificate can +create an empty file. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +req(1), spkac(1), x509(1), CA.pl(1), +config(5) diff --git a/secure/lib/libcrypto/man/ciphers.1 b/secure/lib/libcrypto/man/ciphers.1 new file mode 100644 index 0000000..19d38ec --- /dev/null +++ b/secure/lib/libcrypto/man/ciphers.1 @@ -0,0 +1,447 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:13:58 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "CIPHERS 1" +.TH CIPHERS 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +ciphers \- \s-1SSL\s0 cipher display and cipher list tool. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBciphers\fR +[\fB\-v\fR] +[\fB\-ssl2\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fBcipherlist\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBcipherlist\fR command converts OpenSSL cipher lists into ordered +\&\s-1SSL\s0 cipher preference lists. It can be used as a test tool to determine +the appropriate cipherlist. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.Ip "\fB\-v\fR" 4 +.IX Item "-v" +verbose option. List ciphers with a complete description of +protocol version (SSLv2 or SSLv3; the latter includes \s-1TLS\s0), key exchange, +authentication, encryption and mac algorithms used along with any key size +restrictions and whether the algorithm is classed as an \*(L"export\*(R" cipher. +Note that without the \fB\-v\fR option, ciphers may seem to appear twice +in a cipher list; this is when similar ciphers are available for +\&\s-1SSL\s0 v2 and for \s-1SSL\s0 v3/TLS v1. +.Ip "\fB\-ssl3\fR" 4 +.IX Item "-ssl3" +only include \s-1SSL\s0 v3 ciphers. +.Ip "\fB\-ssl2\fR" 4 +.IX Item "-ssl2" +only include \s-1SSL\s0 v2 ciphers. +.Ip "\fB\-tls1\fR" 4 +.IX Item "-tls1" +only include \s-1TLS\s0 v1 ciphers. +.Ip "\fB\-h\fR, \fB\-?\fR" 4 +.IX Item "-h, -?" +print a brief usage message. +.Ip "\fBcipherlist\fR" 4 +.IX Item "cipherlist" +a cipher list to convert to a cipher preference list. If it is not included +then the default cipher list will be used. The format is described below. +.SH "CIPHER LIST FORMAT" +.IX Header "CIPHER LIST FORMAT" +The cipher list consists of one or more \fIcipher strings\fR separated by colons. +Commas or spaces are also acceptable separators but colons are normally used. +.PP +The actual cipher string can take several different forms. +.PP +It can consist of a single cipher suite such as \fB\s-1RC4\-SHA\s0\fR. +.PP +It can represent a list of cipher suites containing a certain algorithm, or +cipher suites of a certain type. For example \fB\s-1SHA1\s0\fR represents all ciphers +suites using the digest algorithm \s-1SHA1\s0 and \fBSSLv3\fR represents all \s-1SSL\s0 v3 +algorithms. +.PP +Lists of cipher suites can be combined in a single cipher string using the +\&\fB+\fR character. This is used as a logical \fBand\fR operation. For example +\&\fB\s-1SHA1+DES\s0\fR represents all cipher suites containing the \s-1SHA1\s0 \fBand\fR the \s-1DES\s0 +algorithms. +.PP +Each cipher string can be optionally preceded by the characters \fB!\fR, +\&\fB-\fR or \fB+\fR. +.PP +If \fB!\fR is used then the ciphers are permanently deleted from the list. +The ciphers deleted can never reappear in the list even if they are +explicitly stated. +.PP +If \fB-\fR is used then the ciphers are deleted from the list, but some or +all of the ciphers can be added again by later options. +.PP +If \fB+\fR is used then the ciphers are moved to the end of the list. This +option doesn't add any new ciphers it just moves matching existing ones. +.PP +If none of these characters is present then the string is just interpreted +as a list of ciphers to be appended to the current preference list. If the +list includes any ciphers already present they will be ignored: that is they +will not moved to the end of the list. +.PP +Additionally the cipher string \fB@STRENGTH\fR can be used at any point to sort +the current cipher list in order of encryption algorithm key length. +.SH "CIPHER STRINGS" +.IX Header "CIPHER STRINGS" +The following is a list of all permitted cipher strings and their meanings. +.Ip "\fB\s-1DEFAULT\s0\fR" 4 +.IX Item "DEFAULT" +the default cipher list. This is determined at compile time and is normally +\&\fB\s-1ALL:\s0!ADH:RC4+RSA:+SSLv2:@STRENGTH\fR. This must be the first cipher string +specified. +.Ip "\fB\s-1ALL\s0\fR" 4 +.IX Item "ALL" +all ciphers suites except the \fBeNULL\fR ciphers which must be explicitly enabled. +.Ip "\fB\s-1HIGH\s0\fR" 4 +.IX Item "HIGH" +\&\*(L"high\*(R" encryption cipher suites. This currently means those with key lengths larger +than 128 bits. +.Ip "\fB\s-1MEDIUM\s0\fR" 4 +.IX Item "MEDIUM" +\&\*(L"medium\*(R" encryption cipher suites, currently those using 128 bit encryption. +.Ip "\fB\s-1LOW\s0\fR" 4 +.IX Item "LOW" +\&\*(L"low\*(R" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms +but excluding export cipher suites. +.Ip "\fB\s-1EXP\s0\fR, \fB\s-1EXPORT\s0\fR" 4 +.IX Item "EXP, EXPORT" +export encryption algorithms. Including 40 and 56 bits algorithms. +.Ip "\fB\s-1EXPORT40\s0\fR" 4 +.IX Item "EXPORT40" +40 bit export encryption algorithms +.Ip "\fB\s-1EXPORT56\s0\fR" 4 +.IX Item "EXPORT56" +56 bit export encryption algorithms. +.Ip "\fBeNULL\fR, \fB\s-1NULL\s0\fR" 4 +.IX Item "eNULL, NULL" +the \*(L"\s-1NULL\s0\*(R" ciphers that is those offering no encryption. Because these offer no +encryption at all and are a security risk they are disabled unless explicitly +included. +.Ip "\fBaNULL\fR" 4 +.IX Item "aNULL" +the cipher suites offering no authentication. This is currently the anonymous +\&\s-1DH\s0 algorithms. These cipher suites are vulnerable to a \*(L"man in the middle\*(R" +attack and so their use is normally discouraged. +.Ip "\fBkRSA\fR, \fB\s-1RSA\s0\fR" 4 +.IX Item "kRSA, RSA" +cipher suites using \s-1RSA\s0 key exchange. +.Ip "\fBkEDH\fR" 4 +.IX Item "kEDH" +cipher suites using ephemeral \s-1DH\s0 key agreement. +.Ip "\fBkDHr\fR, \fBkDHd\fR" 4 +.IX Item "kDHr, kDHd" +cipher suites using \s-1DH\s0 key agreement and \s-1DH\s0 certificates signed by CAs with \s-1RSA\s0 +and \s-1DSS\s0 keys respectively. Not implemented. +.Ip "\fBaRSA\fR" 4 +.IX Item "aRSA" +cipher suites using \s-1RSA\s0 authentication, i.e. the certificates carry \s-1RSA\s0 keys. +.Ip "\fBaDSS\fR, \fB\s-1DSS\s0\fR" 4 +.IX Item "aDSS, DSS" +cipher suites using \s-1DSS\s0 authentication, i.e. the certificates carry \s-1DSS\s0 keys. +.Ip "\fBaDH\fR" 4 +.IX Item "aDH" +cipher suites effectively using \s-1DH\s0 authentication, i.e. the certificates carry +\&\s-1DH\s0 keys. Not implemented. +.Ip "\fBkFZA\fR, \fBaFZA\fR, \fBeFZA\fR, \fB\s-1FZA\s0\fR" 4 +.IX Item "kFZA, aFZA, eFZA, FZA" +ciphers suites using \s-1FORTEZZA\s0 key exchange, authentication, encryption or all +\&\s-1FORTEZZA\s0 algorithms. Not implemented. +.Ip "\fBTLSv1\fR, \fBSSLv3\fR, \fBSSLv2\fR" 4 +.IX Item "TLSv1, SSLv3, SSLv2" +\&\s-1TLS\s0 v1.0, \s-1SSL\s0 v3.0 or \s-1SSL\s0 v2.0 cipher suites respectively. +.Ip "\fB\s-1DH\s0\fR" 4 +.IX Item "DH" +cipher suites using \s-1DH\s0, including anonymous \s-1DH\s0. +.Ip "\fB\s-1ADH\s0\fR" 4 +.IX Item "ADH" +anonymous \s-1DH\s0 cipher suites. +.Ip "\fB3DES\fR" 4 +.IX Item "3DES" +cipher suites using triple \s-1DES\s0. +.Ip "\fB\s-1DES\s0\fR" 4 +.IX Item "DES" +cipher suites using \s-1DES\s0 (not triple \s-1DES\s0). +.Ip "\fB\s-1RC4\s0\fR" 4 +.IX Item "RC4" +cipher suites using \s-1RC4\s0. +.Ip "\fB\s-1RC2\s0\fR" 4 +.IX Item "RC2" +cipher suites using \s-1RC2\s0. +.Ip "\fB\s-1IDEA\s0\fR" 4 +.IX Item "IDEA" +cipher suites using \s-1IDEA\s0. +.Ip "\fB\s-1MD5\s0\fR" 4 +.IX Item "MD5" +cipher suites using \s-1MD5\s0. +.Ip "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4 +.IX Item "SHA1, SHA" +cipher suites using \s-1SHA1\s0. +.SH "CIPHER SUITE NAMES" +.IX Header "CIPHER SUITE NAMES" +The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the +relevant specification and their OpenSSL equivalents. +.Sh "\s-1SSL\s0 v3.0 cipher suites." +.IX Subsection "SSL v3.0 cipher suites." +.Vb 10 +\& SSL_RSA_WITH_NULL_MD5 NULL-MD5 +\& SSL_RSA_WITH_NULL_SHA NULL-SHA +\& SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 +\& SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 +\& SSL_RSA_WITH_RC4_128_SHA RC4-SHA +\& SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 +\& SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA +\& SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA +\& SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA +\& SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA +.Ve +.Vb 12 +\& SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. +\& SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented. +\& SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. +\& SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. +\& SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented. +\& SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. +\& SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA +\& SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA +\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA +\& SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA +\& SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA +\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA +.Ve +.Vb 5 +\& SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 +\& SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 +\& SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA +\& SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA +\& SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA +.Ve +.Vb 3 +\& SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. +\& SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. +\& SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. +.Ve +.Sh "\s-1TLS\s0 v1.0 cipher suites." +.IX Subsection "TLS v1.0 cipher suites." +.Vb 10 +\& TLS_RSA_WITH_NULL_MD5 NULL-MD5 +\& TLS_RSA_WITH_NULL_SHA NULL-SHA +\& TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 +\& TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 +\& TLS_RSA_WITH_RC4_128_SHA RC4-SHA +\& TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 +\& TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA +\& TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA +\& TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA +\& TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA +.Ve +.Vb 12 +\& TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. +\& TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented. +\& TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. +\& TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. +\& TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented. +\& TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. +\& TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA +\& TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA +\& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA +\& TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA +\& TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA +\& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA +.Ve +.Vb 5 +\& TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 +\& TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 +\& TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA +\& TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA +\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA +.Ve +.Sh "Additional Export 1024 and other cipher suites" +.IX Subsection "Additional Export 1024 and other cipher suites" +Note: these ciphers can also be used in \s-1SSL\s0 v3. +.PP +.Vb 5 +\& TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA +\& TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA +\& TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA +\& TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA +\& TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA +.Ve +.Sh "\s-1SSL\s0 v2.0 cipher suites." +.IX Subsection "SSL v2.0 cipher suites." +.Vb 7 +\& SSL_CK_RC4_128_WITH_MD5 RC4-MD5 +\& SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 +\& SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5 +\& SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5 +\& SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 +\& SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5 +\& SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 +.Ve +.SH "NOTES" +.IX Header "NOTES" +The non-ephemeral \s-1DH\s0 modes are currently unimplemented in OpenSSL +because there is no support for \s-1DH\s0 certificates. +.PP +Some compiled versions of OpenSSL may not include all the ciphers +listed here because some ciphers were excluded at compile time. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Verbose listing of all OpenSSL ciphers including \s-1NULL\s0 ciphers: +.PP +.Vb 1 +\& openssl ciphers -v 'ALL:eNULL' +.Ve +Include all ciphers except \s-1NULL\s0 and anonymous \s-1DH\s0 then sort by +strength: +.PP +.Vb 1 +\& openssl ciphers -v 'ALL:!ADH:@STRENGTH' +.Ve +Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last: +.PP +.Vb 1 +\& openssl ciphers -v '3DES:+RSA' +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +s_client(1), s_server(1), ssl(3) diff --git a/secure/lib/libcrypto/man/config.1 b/secure/lib/libcrypto/man/config.1 new file mode 100644 index 0000000..ff88004 --- /dev/null +++ b/secure/lib/libcrypto/man/config.1 @@ -0,0 +1,282 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:01 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "CONFIG 1" +.TH CONFIG 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +config \- OpenSSL \s-1CONF\s0 library configuration files +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \s-1CONF\s0 library can be used to read configuration files. +It is used for the OpenSSL master configuration file \fBopenssl.cnf\fR +and in a few other places like \fB\s-1SPKAC\s0\fR files and certificate extension +files for the \fBx509\fR utility. +.PP +A configuration file is divided into a number of sections. Each section +starts with a line \fB[ section_name ]\fR and ends when a new section is +started or end of file is reached. A section name can consist of +alphanumeric characters and underscores. +.PP +The first section of a configuration file is special and is referred +to as the \fBdefault\fR section this is usually unnamed and is from the +start of file until the first named section. When a name is being looked up +it is first looked up in a named section (if any) and then the +default section. +.PP +The environment is mapped onto a section called \fB\s-1ENV\s0\fR. +.PP +Comments can be included by preceding them with the \fB#\fR character +.PP +Each section in a configuration file consists of a number of name and +value pairs of the form \fBname=value\fR +.PP +The \fBname\fR string can contain any alphanumeric characters as well as +a few punctuation symbols such as \fB.\fR \fB,\fR \fB;\fR and \fB_\fR. +.PP +The \fBvalue\fR string consists of the string following the \fB=\fR character +until end of line with any leading and trailing white space removed. +.PP +The value string undergoes variable expansion. This can be done by +including the form \fB$var\fR or \fB${var}\fR: this will substitute the value +of the named variable in the current section. It is also possible to +substitute a value from another section using the syntax \fB$section::name\fR +or \fB${section::name}\fR. By using the form \fB$ENV::name\fR environment +variables can be substituted. It is also possible to assign values to +environment variables by using the name \fB\s-1ENV:\s0:name\fR, this will work +if the program looks up environment variables using the \fB\s-1CONF\s0\fR library +instead of calling \fB\f(BIgetenv()\fB\fR directly. +.PP +It is possible to escape certain characters by using any kind of quote +or the \fB\e\fR character. By making the last character of a line a \fB\e\fR +a \fBvalue\fR string can be spread across multiple lines. In addition +the sequences \fB\en\fR, \fB\er\fR, \fB\eb\fR and \fB\et\fR are recognized. +.SH "NOTES" +.IX Header "NOTES" +If a configuration file attempts to expand a variable that doesn't exist +then an error is flagged and the file will not load. This can happen +if an attempt is made to expand an environment variable that doesn't +exist. For example the default OpenSSL master configuration file used +the value of \fB\s-1HOME\s0\fR which may not be defined on non Unix systems. +.PP +This can be worked around by including a \fBdefault\fR section to provide +a default value: then if the environment lookup fails the default value +will be used instead. For this to work properly the default value must +be defined earlier in the configuration file than the expansion. See +the \fB\s-1EXAMPLES\s0\fR section for an example of how to do this. +.PP +If the same variable exists in the same section then all but the last +value will be silently ignored. In certain circumstances such as with +DNs the same field may occur multiple times. This is usually worked +around by ignoring any characters before an initial \fB.\fR e.g. +.PP +.Vb 2 +\& 1.OU="My first OU" +\& 2.OU="My Second OU" +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Here is a sample configuration file using some of the features +mentioned above. +.PP +.Vb 1 +\& # This is the default section. +.Ve +.Vb 3 +\& HOME=/temp +\& RANDFILE= ${ENV::HOME}/.rnd +\& configdir=$ENV::HOME/config +.Ve +.Vb 1 +\& [ section_one ] +.Ve +.Vb 1 +\& # We are now in section one. +.Ve +.Vb 2 +\& # Quotes permit leading and trailing whitespace +\& any = " any variable name " +.Ve +.Vb 3 +\& other = A string that can \e +\& cover several lines \e +\& by including \e\e characters +.Ve +.Vb 1 +\& message = Hello World\en +.Ve +.Vb 1 +\& [ section_two ] +.Ve +.Vb 1 +\& greeting = $section_one::message +.Ve +This next example shows how to expand environment variables safely. +.PP +Suppose you want a variable called \fBtmpfile\fR to refer to a +temporary filename. The directory it is placed in can determined by +the the \fB\s-1TEMP\s0\fR or \fB\s-1TMP\s0\fR environment variables but they may not be +set to any value at all. If you just include the environment variable +names and the variable doesn't exist then this will cause an error when +an attempt is made to load the configuration file. By making use of the +default section both values can be looked up with \fB\s-1TEMP\s0\fR taking +priority and \fB/tmp\fR used if neither is defined: +.PP +.Vb 5 +\& TMP=/tmp +\& # The above value is used if TMP isn't in the environment +\& TEMP=$ENV::TMP +\& # The above value is used if TEMP isn't in the environment +\& tmpfile=${ENV::TEMP}/tmp.filename +.Ve +.SH "BUGS" +.IX Header "BUGS" +Currently there is no way to include characters using the octal \fB\ennn\fR +form. Strings are all null terminated so nulls cannot form part of +the value. +.PP +The escaping isn't quite right: if you want to use sequences like \fB\en\fR +you can't use any quote escaping on the same line. +.PP +Files are loaded in a single pass. This means that an variable expansion +will only work if the variables referenced are defined earlier in the +file. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +x509(1), req(1), ca(1) diff --git a/secure/lib/libcrypto/man/crl.1 b/secure/lib/libcrypto/man/crl.1 new file mode 100644 index 0000000..fb19761 --- /dev/null +++ b/secure/lib/libcrypto/man/crl.1 @@ -0,0 +1,237 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:04 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "CRL 1" +.TH CRL 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +crl \- \s-1CRL\s0 utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBcrl\fR +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-text\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-noout\fR] +[\fB\-hash\fR] +[\fB\-issuer\fR] +[\fB\-lastupdate\fR] +[\fB\-nextupdate\fR] +[\fB\-CAfile file\fR] +[\fB\-CApath dir\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBcrl\fR command processes \s-1CRL\s0 files in \s-1DER\s0 or \s-1PEM\s0 format. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.Ip "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0 +structure. \fB\s-1PEM\s0\fR (the default) is a base64 encoded version of +the \s-1DER\s0 form with header and footer lines. +.Ip "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning as the +\&\fB\-inform\fR option. +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +specifies the output filename to write to or standard output by +default. +.Ip "\fB\-text\fR" 4 +.IX Item "-text" +print out the \s-1CRL\s0 in text form. +.Ip "\fB\-noout\fR" 4 +.IX Item "-noout" +don't output the encoded version of the \s-1CRL\s0. +.Ip "\fB\-hash\fR" 4 +.IX Item "-hash" +output a hash of the issuer name. This can be use to lookup CRLs in +a directory by issuer name. +.Ip "\fB\-issuer\fR" 4 +.IX Item "-issuer" +output the issuer name. +.Ip "\fB\-lastupdate\fR" 4 +.IX Item "-lastupdate" +output the lastUpdate field. +.Ip "\fB\-nextupdate\fR" 4 +.IX Item "-nextupdate" +output the nextUpdate field. +.Ip "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +verify the signature on a \s-1CRL\s0 by looking up the issuing certificate in +\&\fBfile\fR +.Ip "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +verify the signature on a \s-1CRL\s0 by looking up the issuing certificate in +\&\fBdir\fR. This directory must be a standard certificate directory: that +is a hash of each subject name (using \fBx509 \-hash\fR) should be linked +to each certificate. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 \s-1CRL\s0 format uses the header and footer lines: +.PP +.Vb 2 +\& -----BEGIN X509 CRL----- +\& -----END X509 CRL----- +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a \s-1CRL\s0 file from \s-1PEM\s0 to \s-1DER:\s0 +.PP +.Vb 1 +\& openssl crl -in crl.pem -outform DER -out crl.der +.Ve +Output the text form of a \s-1DER\s0 encoded certificate: +.PP +.Vb 1 +\& openssl crl -in crl.der -text -noout +.Ve +.SH "BUGS" +.IX Header "BUGS" +Ideally it should be possible to create a \s-1CRL\s0 using appropriate options +and files too. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +crl2pkcs7(1), ca(1), x509(1) diff --git a/secure/lib/libcrypto/man/crl2pkcs7.1 b/secure/lib/libcrypto/man/crl2pkcs7.1 new file mode 100644 index 0000000..a104ea6 --- /dev/null +++ b/secure/lib/libcrypto/man/crl2pkcs7.1 @@ -0,0 +1,215 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:06 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "CRL2PKCS7 1" +.TH CRL2PKCS7 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +crl2pkcs7 \- Create a PKCS#7 structure from a \s-1CRL\s0 and certificates. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs7\fR +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-print_certs\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBcrl2pkcs7\fR command takes an optional \s-1CRL\s0 and one or more +certificates and converts them into a PKCS#7 degenerate \*(L"certificates +only\*(R" structure. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.Ip "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the \s-1CRL\s0 input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1CRL\s0 +structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of +the \s-1DER\s0 form with header and footer lines. +.Ip "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the PKCS#7 structure output format. \fB\s-1DER\s0\fR format is \s-1DER\s0 +encoded PKCS#7 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of +the \s-1DER\s0 form with header and footer lines. +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a \s-1CRL\s0 from or standard input if this +option is not specified. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +specifies the output filename to write the PKCS#7 structure to or standard +output by default. +.Ip "\fB\-certfile filename\fR" 4 +.IX Item "-certfile filename" +specifies a filename containing one or more certificates in \fB\s-1PEM\s0\fR format. +All certificates in the file will be added to the PKCS#7 structure. This +option can be used more than once to read certificates form multiple +files. +.Ip "\fB\-nocrl\fR" 4 +.IX Item "-nocrl" +normally a \s-1CRL\s0 is included in the output file. With this option no \s-1CRL\s0 is +included in the output file and a \s-1CRL\s0 is not read from the input file. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a PKCS#7 structure from a certificate and \s-1CRL:\s0 +.PP +.Vb 1 +\& openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem +.Ve +Creates a PKCS#7 structure in \s-1DER\s0 format with no \s-1CRL\s0 from several +different certificates: +.PP +.Vb 2 +\& openssl crl2pkcs7 -nocrl -certfile newcert.pem +\& -certfile demoCA/cacert.pem -outform DER -out p7.der +.Ve +.SH "NOTES" +.IX Header "NOTES" +The output file is a PKCS#7 signed data structure containing no signers and +just certificates and an optional \s-1CRL\s0. +.PP +This utility can be used to send certificates and CAs to Netscape as part of +the certificate enrollment process. This involves sending the \s-1DER\s0 encoded output +as \s-1MIME\s0 type application/x-x509\-user-cert. +.PP +The \fB\s-1PEM\s0\fR encoded form with the header and footer lines removed can be used to +install user certificates and CAs in \s-1MSIE\s0 using the Xenroll control. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +pkcs7(1) diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3 new file mode 100644 index 0000000..582061a --- /dev/null +++ b/secure/lib/libcrypto/man/crypto.3 @@ -0,0 +1,191 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:01 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "CRYPTO 1" +.TH CRYPTO 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +crypto \- OpenSSL cryptographic library +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \fBcrypto\fR library implements a wide range of cryptographic +algorithms used in various Internet standards. The services provided +by this library are used by the OpenSSL implementations of \s-1SSL\s0, \s-1TLS\s0 +and S/MIME, and they have also been used to implement \s-1SSH\s0, OpenPGP, and +other cryptographic standards. +.SH "OVERVIEW" +.IX Header "OVERVIEW" +\&\fBlibcrypto\fR consists of a number of sub-libraries that implement the +individual algorithms. +.PP +The functionality includes symmetric encryption, public key +cryptography and key agreement, certificate handling, cryptographic +hash functions and a cryptographic pseudo-random number generator. +.Ip "\s-1SYMMETRIC\s0 \s-1CIPHERS\s0" 4 +.IX Item "SYMMETRIC CIPHERS" +blowfish(3), cast(3), des(3), +idea(3), rc2(3), rc4(3), rc5(3) +.Ip "\s-1PUBLIC\s0 \s-1KEY\s0 \s-1CRYPTOGRAPHY\s0 \s-1AND\s0 \s-1KEY\s0 \s-1AGREEMENT\s0" 4 +.IX Item "PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT" +dsa(3), dh(3), rsa(3) +.Ip "\s-1CERTIFICATES\s0" 4 +.IX Item "CERTIFICATES" +x509(3), x509v3(3) +.Ip "\s-1AUTHENTICATION\s0 \s-1CODES\s0, \s-1HASH\s0 \s-1FUNCTIONS\s0" 4 +.IX Item "AUTHENTICATION CODES, HASH FUNCTIONS" +hmac(3), md2(3), md4(3), +md5(3), mdc2(3), ripemd(3), +sha(3) +.Ip "\s-1AUXILIARY\s0 \s-1FUNCTIONS\s0" 4 +.IX Item "AUXILIARY FUNCTIONS" +err(3), threads(3), rand(3) +.Ip "\s-1INPUT/OUTPUT\s0, \s-1DATA\s0 \s-1ENCODING\s0" 4 +.IX Item "INPUT/OUTPUT, DATA ENCODING" +asn1(3), bio(3), evp(3), pem(3), +pkcs7(3), pkcs12(3) +.Ip "\s-1INTERNAL\s0 \s-1FUNCTIONS\s0" 4 +.IX Item "INTERNAL FUNCTIONS" +bn(3), buffer(3), lhash(3), +objects(3), stack(3), +txt_db(3) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +openssl(1), ssl(3) diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 new file mode 100644 index 0000000..c79d690 --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_DHparams.3 @@ -0,0 +1,165 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:03 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "D2I_DHPARAMS 1" +.TH D2I_DHPARAMS 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +d2i_DHparams, i2d_DHparams \- ... +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dh.h> +.Ve +.Vb 2 +\& DH *d2i_DHparams(DH **a, unsigned char **pp, long length); +\& int i2d_DHparams(DH *a, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&... +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&... +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&... +.SH "HISTORY" +.IX Header "HISTORY" +\&... diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 new file mode 100644 index 0000000..1f5e8cc --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:05 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "D2I_RSAPUBLICKEY 1" +.TH D2I_RSAPUBLICKEY 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA \- ... +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 1 +\& RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_RSAPublicKey(RSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); +.Ve +.Vb 1 +\& int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); +.Ve +.Vb 1 +\& int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); +.Ve +.Vb 1 +\& RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&... +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&... +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&... +.SH "HISTORY" +.IX Header "HISTORY" +\&... diff --git a/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 b/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 new file mode 100644 index 0000000..0468710 --- /dev/null +++ b/secure/lib/libcrypto/man/d2i_SSL_SESSION.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:48 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "D2I_SSL_SESSION 1" +.TH D2I_SSL_SESSION 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ssl.h> +.Ve +.Vb 2 +\& SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length); +\& int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fId2i_SSL_SESSION()\fR transforms the external \s-1ASN1\s0 representation of an \s-1SSL/TLS\s0 +session, stored as binary data at location \fBpp\fR with length \fBlength\fR, into +an \s-1SSL_SESSION\s0 object. +.PP +\&\fIi2d_SSL_SESSION()\fR transforms the \s-1SSL_SESSION\s0 object \fBin\fR into the \s-1ASN1\s0 +representation and stores it into the memory location pointed to by \fBpp\fR. +The length of the resulting \s-1ASN1\s0 representation is returned. If \fBpp\fR is +the \s-1NULL\s0 pointer, only the length is calculated and returned. +.SH "NOTES" +.IX Header "NOTES" +The \s-1SSL_SESSION\s0 object is built from several \fImalloc()\fRed parts, it can +therefore not be moved, copied or stored directly. In order to store +session data on disk or into a database, it must be transformed into +a binary \s-1ASN1\s0 representation. +.PP +When using \fId2i_SSL_SESSION()\fR, the \s-1SSL_SESSION\s0 object is automatically +allocated. The reference count is 1, so that the session must be +explicitly removed using SSL_SESSION_free(3), +unless the \s-1SSL_SESSION\s0 object is completely taken over, when being called +inside the \fIget_session_cb()\fR (see +SSL_CTX_sess_set_get_cb(3)). +.PP +\&\s-1SSL_SESSION\s0 objects keep internal link information about the session cache +list, when being inserted into one \s-1SSL_CTX\s0 object's session cache. +One \s-1SSL_SESSION\s0 object, regardless of its reference count, must therefore +only be used with one \s-1SSL_CTX\s0 object (and the \s-1SSL\s0 objects created +from this \s-1SSL_CTX\s0 object). +.PP +When using \fIi2d_SSL_SESSION()\fR, the memory location pointed to by \fBpp\fR must be +large enough to hold the binary representation of the session. There is no +known limit on the size of the created \s-1ASN1\s0 representation, so the necessary +amount of space should be obtained by first calling \fIi2d_SSL_SESSION()\fR with +\&\fBpp=NULL\fR, and obtain the size needed, then allocate the memory and +call \fIi2d_SSL_SESSION()\fR again. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 +object. In case of failure the NULL-pointer is returned and the error message +can be retrieved from the error stack. +.PP +\&\fIi2d_SSL_SESSION()\fR returns the size of the \s-1ASN1\s0 representation in bytes. +When the session is not valid, \fB0\fR is returned and no operation is performed. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ssl(3), SSL_SESSION_free(3), +SSL_CTX_sess_set_get_cb(3) diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3 new file mode 100644 index 0000000..20d9843 --- /dev/null +++ b/secure/lib/libcrypto/man/des.3 @@ -0,0 +1,519 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:08 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DES 1" +.TH DES 1 "perl v5.6.1" "2001-02-18" "User Contributed Perl Documentation" +.UC +.SH "NAME" +des_random_key, des_set_key, des_key_sched, des_set_key_checked, +des_set_key_unchecked, des_set_odd_parity, des_is_weak_key, +des_ecb_encrypt, des_ecb2_encrypt, des_ecb3_encrypt, des_ncbc_encrypt, +des_cfb_encrypt, des_ofb_encrypt, des_pcbc_encrypt, des_cfb64_encrypt, +des_ofb64_encrypt, des_xcbc_encrypt, des_ede2_cbc_encrypt, +des_ede2_cfb64_encrypt, des_ede2_ofb64_encrypt, des_ede3_cbc_encrypt, +des_ede3_cbcm_encrypt, des_ede3_cfb64_encrypt, des_ede3_ofb64_encrypt, +des_read_password, des_read_2passwords, des_read_pw_string, +des_cbc_cksum, des_quad_cksum, des_string_to_key, des_string_to_2keys, +des_fcrypt, des_crypt, des_enc_read, des_enc_write \- \s-1DES\s0 encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/des.h> +.Ve +.Vb 1 +\& void des_random_key(des_cblock *ret); +.Ve +.Vb 6 +\& int des_set_key(const_des_cblock *key, des_key_schedule schedule); +\& int des_key_sched(const_des_cblock *key, des_key_schedule schedule); +\& int des_set_key_checked(const_des_cblock *key, +\& des_key_schedule schedule); +\& void des_set_key_unchecked(const_des_cblock *key, +\& des_key_schedule schedule); +.Ve +.Vb 2 +\& void des_set_odd_parity(des_cblock *key); +\& int des_is_weak_key(const_des_cblock *key); +.Ve +.Vb 7 +\& void des_ecb_encrypt(const_des_cblock *input, des_cblock *output, +\& des_key_schedule ks, int enc); +\& void des_ecb2_encrypt(const_des_cblock *input, des_cblock *output, +\& des_key_schedule ks1, des_key_schedule ks2, int enc); +\& void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output, +\& des_key_schedule ks1, des_key_schedule ks2, +\& des_key_schedule ks3, int enc); +.Ve +.Vb 18 +\& void des_ncbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, des_key_schedule schedule, des_cblock *ivec, +\& int enc); +\& void des_cfb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, des_key_schedule schedule, +\& des_cblock *ivec, int enc); +\& void des_ofb_encrypt(const unsigned char *in, unsigned char *out, +\& int numbits, long length, des_key_schedule schedule, +\& des_cblock *ivec); +\& void des_pcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, des_key_schedule schedule, des_cblock *ivec, +\& int enc); +\& void des_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, des_key_schedule schedule, des_cblock *ivec, +\& int *num, int enc); +\& void des_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, des_key_schedule schedule, des_cblock *ivec, +\& int *num); +.Ve +.Vb 3 +\& void des_xcbc_encrypt(const unsigned char *input, unsigned char *output, +\& long length, des_key_schedule schedule, des_cblock *ivec, +\& const_des_cblock *inw, const_des_cblock *outw, int enc); +.Ve +.Vb 9 +\& void des_ede2_cbc_encrypt(const unsigned char *input, +\& unsigned char *output, long length, des_key_schedule ks1, +\& des_key_schedule ks2, des_cblock *ivec, int enc); +\& void des_ede2_cfb64_encrypt(const unsigned char *in, +\& unsigned char *out, long length, des_key_schedule ks1, +\& des_key_schedule ks2, des_cblock *ivec, int *num, int enc); +\& void des_ede2_ofb64_encrypt(const unsigned char *in, +\& unsigned char *out, long length, des_key_schedule ks1, +\& des_key_schedule ks2, des_cblock *ivec, int *num); +.Ve +.Vb 15 +\& void des_ede3_cbc_encrypt(const unsigned char *input, +\& unsigned char *output, long length, des_key_schedule ks1, +\& des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, +\& int enc); +\& void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, +\& long length, des_key_schedule ks1, des_key_schedule ks2, +\& des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2, +\& int enc); +\& void des_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, des_key_schedule ks1, des_key_schedule ks2, +\& des_key_schedule ks3, des_cblock *ivec, int *num, int enc); +\& void des_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, +\& long length, des_key_schedule ks1, +\& des_key_schedule ks2, des_key_schedule ks3, +\& des_cblock *ivec, int *num); +.Ve +.Vb 5 +\& int des_read_password(des_cblock *key, const char *prompt, int verify); +\& int des_read_2passwords(des_cblock *key1, des_cblock *key2, +\& const char *prompt, int verify); +\& int des_read_pw_string(char *buf, int length, const char *prompt, +\& int verify); +.Ve +.Vb 8 +\& DES_LONG des_cbc_cksum(const unsigned char *input, des_cblock *output, +\& long length, des_key_schedule schedule, +\& const_des_cblock *ivec); +\& DES_LONG des_quad_cksum(const unsigned char *input, des_cblock output[], +\& long length, int out_count, des_cblock *seed); +\& void des_string_to_key(const char *str, des_cblock *key); +\& void des_string_to_2keys(const char *str, des_cblock *key1, +\& des_cblock *key2); +.Ve +.Vb 3 +\& char *des_fcrypt(const char *buf, const char *salt, char *ret); +\& char *des_crypt(const char *buf, const char *salt); +\& char *crypt(const char *buf, const char *salt); +.Ve +.Vb 4 +\& int des_enc_read(int fd, void *buf, int len, des_key_schedule sched, +\& des_cblock *iv); +\& int des_enc_write(int fd, const void *buf, int len, +\& des_key_schedule sched, des_cblock *iv); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library contains a fast implementation of the \s-1DES\s0 encryption +algorithm. +.PP +There are two phases to the use of \s-1DES\s0 encryption. The first is the +generation of a \fIdes_key_schedule\fR from a key, the second is the +actual encryption. A \s-1DES\s0 key is of type \fIdes_cblock\fR. This type is +consists of 8 bytes with odd parity. The least significant bit in +each byte is the parity bit. The key schedule is an expanded form of +the key; it is used to speed the encryption process. +.PP +\&\fIdes_random_key()\fR generates a random key. The \s-1PRNG\s0 must be seeded +prior to using this function (see rand(3); for backward +compatibility the function \fIdes_random_seed()\fR is available as well). +If the \s-1PRNG\s0 could not generate a secure key, 0 is returned. In +earlier versions of the library, \fIdes_random_key()\fR did not generate +secure keys. +.PP +Before a \s-1DES\s0 key can be used, it must be converted into the +architecture dependent \fIdes_key_schedule\fR via the +\&\fIdes_set_key_checked()\fR or \fIdes_set_key_unchecked()\fR function. +.PP +\&\fIdes_set_key_checked()\fR will check that the key passed is of odd parity +and is not a week or semi-weak key. If the parity is wrong, then \-1 +is returned. If the key is a weak key, then \-2 is returned. If an +error is returned, the key schedule is not generated. +.PP +\&\fIdes_set_key()\fR (called \fIdes_key_sched()\fR in the \s-1MIT\s0 library) works like +\&\fIdes_set_key_checked()\fR if the \fIdes_check_key\fR flag is non-zero, +otherwise like \fIdes_set_key_unchecked()\fR. These functions are available +for compatibility; it is recommended to use a function that does not +depend on a global variable. +.PP +\&\fIdes_set_odd_parity()\fR (called \fIdes_fixup_key_parity()\fR in the \s-1MIT\s0 +library) sets the parity of the passed \fIkey\fR to odd. +.PP +\&\fIdes_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it +is ok. The probability that a randomly generated key is weak is +1/2^52, so it is not really worth checking for them. +.PP +The following routines mostly operate on an input and output stream of +\&\fIdes_cblock\fRs. +.PP +\&\fIdes_ecb_encrypt()\fR is the basic \s-1DES\s0 encryption routine that encrypts or +decrypts a single 8\-byte \fIdes_cblock\fR in \fIelectronic code book\fR +(\s-1ECB\s0) mode. It always transforms the input data, pointed to by +\&\fIinput\fR, into the output data, pointed to by the \fIoutput\fR argument. +If the \fIencrypt\fR argument is non-zero (\s-1DES_ENCRYPT\s0), the \fIinput\fR +(cleartext) is encrypted in to the \fIoutput\fR (ciphertext) using the +key_schedule specified by the \fIschedule\fR argument, previously set via +\&\fIdes_set_key\fR. If \fIencrypt\fR is zero (\s-1DES_DECRYPT\s0), the \fIinput\fR (now +ciphertext) is decrypted into the \fIoutput\fR (now cleartext). Input +and output may overlap. \fIdes_ecb_encrypt()\fR does not return a value. +.PP +\&\fIdes_ecb3_encrypt()\fR encrypts/decrypts the \fIinput\fR block by using +three-key Triple-DES encryption in \s-1ECB\s0 mode. This involves encrypting +the input with \fIks1\fR, decrypting with the key schedule \fIks2\fR, and +then encrypting with \fIks3\fR. This routine greatly reduces the chances +of brute force breaking of \s-1DES\s0 and has the advantage of if \fIks1\fR, +\&\fIks2\fR and \fIks3\fR are the same, it is equivalent to just encryption +using \s-1ECB\s0 mode and \fIks1\fR as the key. +.PP +The macro \fIdes_ecb2_encrypt()\fR is provided to perform two-key Triple-DES +encryption by using \fIks1\fR for the final encryption. +.PP +\&\fIdes_ncbc_encrypt()\fR encrypts/decrypts using the \fIcipher-block-chaining\fR +(\s-1CBC\s0) mode of \s-1DES\s0. If the \fIencrypt\fR argument is non-zero, the +routine cipher-block-chain encrypts the cleartext data pointed to by +the \fIinput\fR argument into the ciphertext pointed to by the \fIoutput\fR +argument, using the key schedule provided by the \fIschedule\fR argument, +and initialization vector provided by the \fIivec\fR argument. If the +\&\fIlength\fR argument is not an integral multiple of eight bytes, the +last block is copied to a temporary area and zero filled. The output +is always an integral multiple of eight bytes. +.PP +\&\fIdes_xcbc_encrypt()\fR is \s-1RSA\s0's \s-1DESX\s0 mode of \s-1DES\s0. It uses \fIinw\fR and +\&\fIoutw\fR to 'whiten' the encryption. \fIinw\fR and \fIoutw\fR are secret +(unlike the iv) and are as such, part of the key. So the key is sort +of 24 bytes. This is much better than \s-1CBC\s0 \s-1DES\s0. +.PP +\&\fIdes_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with +three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is +really an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0. +.PP +The \fIdes_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by +reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. +This form of Triple-DES is used by the \s-1RSAREF\s0 library. +.PP +\&\fIdes_pcbc_encrypt()\fR encrypt/decrypts using the propagating cipher block +chaining mode used by Kerberos v4. Its parameters are the same as +\&\fIdes_ncbc_encrypt()\fR. +.PP +\&\fIdes_cfb_encrypt()\fR encrypt/decrypts using cipher feedback mode. This +method takes an array of characters as input and outputs and array of +characters. It does not require any padding to 8 character groups. +Note: the \fIivec\fR variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete \s-1DES\s0 \s-1ECB\s0 encryption per \fInumbits\fR, this function is only +suggested for use when sending small numbers of characters. +.PP +\&\fIdes_cfb64_encrypt()\fR +implements \s-1CFB\s0 mode of \s-1DES\s0 with 64bit feedback. Why is this +useful you ask? Because this routine will allow you to encrypt an +arbitrary number of bytes, no 8 byte padding. Each call to this +routine will encrypt the input bytes to output and then update ivec +and num. num contains 'how far' we are though ivec. If this does +not make much sense, read more about cfb mode of \s-1DES\s0 :\-). +.PP +\&\fIdes_ede3_cfb64_encrypt()\fR and \fIdes_ede2_cfb64_encrypt()\fR is the same as +\&\fIdes_cfb64_encrypt()\fR except that Triple-DES is used. +.PP +\&\fIdes_ofb_encrypt()\fR encrypts using output feedback mode. This method +takes an array of characters as input and outputs and array of +characters. It does not require any padding to 8 character groups. +Note: the \fIivec\fR variable is changed and the new changed value needs to +be passed to the next call to this function. Since this function runs +a complete \s-1DES\s0 \s-1ECB\s0 encryption per numbits, this function is only +suggested for use when sending small numbers of characters. +.PP +\&\fIdes_ofb64_encrypt()\fR is the same as \fIdes_cfb64_encrypt()\fR using Output +Feed Back mode. +.PP +\&\fIdes_ede3_ofb64_encrypt()\fR and \fIdes_ede2_ofb64_encrypt()\fR is the same as +\&\fIdes_ofb64_encrypt()\fR, using Triple-DES. +.PP +The following functions are included in the \s-1DES\s0 library for +compatibility with the \s-1MIT\s0 Kerberos library. \fIdes_read_pw_string()\fR +is also available under the name \fIEVP_read_pw_string()\fR. +.PP +\&\fIdes_read_pw_string()\fR writes the string specified by \fIprompt\fR to +standard output, turns echo off and reads in input string from the +terminal. The string is returned in \fIbuf\fR, which must have space for +at least \fIlength\fR bytes. If \fIverify\fR is set, the user is asked for +the password twice and unless the two copies match, an error is +returned. A return code of \-1 indicates a system error, 1 failure due +to use interaction, and 0 is success. +.PP +\&\fIdes_read_password()\fR does the same and converts the password to a \s-1DES\s0 +key by calling \fIdes_string_to_key()\fR; \fIdes_read_2password()\fR operates in +the same way as \fIdes_read_password()\fR except that it generates two keys +by using the \fIdes_string_to_2key()\fR function. \fIdes_string_to_key()\fR is +available for backward compatibility with the \s-1MIT\s0 library. New +applications should use a cryptographic hash function. The same +applies for \fIdes_string_to_2key()\fR. +.PP +\&\fIdes_cbc_cksum()\fR produces an 8 byte checksum based on the input stream +(via \s-1CBC\s0 encryption). The last 4 bytes of the checksum are returned +and the complete 8 bytes are placed in \fIoutput\fR. This function is +used by Kerberos v4. Other applications should use +EVP_DigestInit(3) etc. instead. +.PP +\&\fIdes_quad_cksum()\fR is a Kerberos v4 function. It returns a 4 byte +checksum from the input bytes. The algorithm can be iterated over the +input, depending on \fIout_count\fR, 1, 2, 3 or 4 times. If \fIoutput\fR is +non-NULL, the 8 bytes generated by each pass are written into +\&\fIoutput\fR. +.PP +The following are DES-based transformations: +.PP +\&\fIdes_fcrypt()\fR is a fast version of the Unix \fIcrypt\fR\|(3) function. This +version takes only a small amount of space relative to other fast +\&\fIcrypt()\fR implementations. This is different to the normal crypt in +that the third parameter is the buffer that the return value is +written into. It needs to be at least 14 bytes long. This function +is thread safe, unlike the normal crypt. +.PP +\&\fIdes_crypt()\fR is a faster replacement for the normal system \fIcrypt()\fR. +This function calls \fIdes_fcrypt()\fR with a static array passed as the +third parameter. This emulates the normal non-thread safe semantics +of \fIcrypt\fR\|(3). +.PP +\&\fIdes_enc_write()\fR writes \fIlen\fR bytes to file descriptor \fIfd\fR from +buffer \fIbuf\fR. The data is encrypted via \fIpcbc_encrypt\fR (default) +using \fIsched\fR for the key and \fIiv\fR as a starting vector. The actual +data send down \fIfd\fR consists of 4 bytes (in network byte order) +containing the length of the following encrypted data. The encrypted +data then follows, padded with random data out to a multiple of 8 +bytes. +.PP +\&\fIdes_enc_read()\fR is used to read \fIlen\fR bytes from file descriptor +\&\fIfd\fR into buffer \fIbuf\fR. The data being read from \fIfd\fR is assumed to +have come from \fIdes_enc_write()\fR and is decrypted using \fIsched\fR for +the key schedule and \fIiv\fR for the initial vector. +.PP +\&\fBWarning:\fR The data format used by \fIdes_enc_write()\fR and \fIdes_enc_read()\fR +has a cryptographic weakness: When asked to write more than \s-1MAXWRITE\s0 +bytes, \fIdes_enc_write()\fR will split the data into several chunks that +are all encrypted using the same \s-1IV\s0. So don't use these functions +unless you are sure you know what you do (in which case you might not +want to use them anyway). They cannot handle non-blocking sockets. +\&\fIdes_enc_read()\fR uses an internal state and thus cannot be used on +multiple files. +.PP +\&\fIdes_rw_mode\fR is used to specify the encryption mode to use with +\&\fIdes_enc_read()\fR and \fIdes_end_write()\fR. If set to \fI\s-1DES_PCBC_MODE\s0\fR (the +default), des_pcbc_encrypt is used. If set to \fI\s-1DES_CBC_MODE\s0\fR +des_cbc_encrypt is used. +.SH "NOTES" +.IX Header "NOTES" +Single-key \s-1DES\s0 is insecure due to its short key size. \s-1ECB\s0 mode is +not suitable for most applications; see des_modes(7). +.PP +The evp(3) library provides higher-level encryption functions. +.SH "BUGS" +.IX Header "BUGS" +\&\fIdes_3cbc_encrypt()\fR is flawed and must not be used in applications. +.PP +\&\fIdes_cbc_encrypt()\fR does not modify \fBivec\fR; use \fIdes_ncbc_encrypt()\fR +instead. +.PP +\&\fIdes_cfb_encrypt()\fR and \fIdes_ofb_encrypt()\fR operates on input of 8 bits. +What this means is that if you set numbits to 12, and length to 2, the +first 12 bits will come from the 1st input byte and the low half of +the second input byte. The second 12 bits will have the low 8 bits +taken from the 3rd input byte and the top 4 bits taken from the 4th +input byte. The same holds for output. This function has been +implemented this way because most people will be using a multiple of 8 +and because once you get into pulling bytes input bytes apart things +get ugly! +.PP +\&\fIdes_read_pw_string()\fR is the most machine/OS dependent function and +normally generates the most problems when porting this code. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ANSI\s0 X3.106 +.PP +The \fBdes\fR library was written to be source code compatible with +the \s-1MIT\s0 Kerberos library. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIcrypt\fR\|(3), des_modes(7), evp(3), rand(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIdes_cbc_cksum()\fR, \fIdes_cbc_encrypt()\fR, \fIdes_ecb_encrypt()\fR, +\&\fIdes_is_weak_key()\fR, \fIdes_key_sched()\fR, \fIdes_pcbc_encrypt()\fR, +\&\fIdes_quad_cksum()\fR, \fIdes_random_key()\fR, \fIdes_read_password()\fR and +\&\fIdes_string_to_key()\fR are available in the \s-1MIT\s0 Kerberos library; +\&\fIdes_check_key_parity()\fR, \fIdes_fixup_key_parity()\fR and \fIdes_is_weak_key()\fR +are available in newer versions of that library. +.PP +\&\fIdes_set_key_checked()\fR and \fIdes_set_key_unchecked()\fR were added in +OpenSSL 0.9.5. +.PP +\&\fIdes_generate_random_block()\fR, \fIdes_init_random_number_generator()\fR, +\&\fIdes_new_random_key()\fR, \fIdes_set_random_generator_seed()\fR and +\&\fIdes_set_sequence_number()\fR and \fIdes_rand_data()\fR are used in newer +versions of Kerberos but are not implemented here. +.PP +\&\fIdes_random_key()\fR generated cryptographically weak random data in +SSLeay and in OpenSSL prior version 0.9.5, as well as in the original +\&\s-1MIT\s0 library. +.SH "AUTHOR" +.IX Header "AUTHOR" +Eric Young (eay@cryptsoft.com). Modified for the OpenSSL project +(http://www.openssl.org). diff --git a/secure/lib/libcrypto/man/des_modes.3 b/secure/lib/libcrypto/man/des_modes.3 new file mode 100644 index 0000000..8b2ac65 --- /dev/null +++ b/secure/lib/libcrypto/man/des_modes.3 @@ -0,0 +1,290 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:11 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DES_MODES 1" +.TH DES_MODES 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +Modes of \s-1DES\s0 \- the variants of \s-1DES\s0 and other crypto algorithms of OpenSSL +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +Several crypto algorithms for OpenSSL can be used in a number of modes. Those +are used for using block ciphers in a way similar to stream ciphers, among +other things. +.SH "OVERVIEW" +.IX Header "OVERVIEW" +.Sh "Electronic Codebook Mode (\s-1ECB\s0)" +.IX Subsection "Electronic Codebook Mode (ECB)" +Normally, this is found as the function \fIalgorithm\fR\fI_ecb_encrypt()\fR. +.Ip "\(bu" 2 +64 bits are enciphered at a time. +.Ip "\(bu" 2 +The order of the blocks can be rearranged without detection. +.Ip "\(bu" 2 +The same plaintext block always produces the same ciphertext block +(for the same key) making it vulnerable to a 'dictionary attack'. +.Ip "\(bu" 2 +An error will only affect one ciphertext block. +.Sh "Cipher Block Chaining Mode (\s-1CBC\s0)" +.IX Subsection "Cipher Block Chaining Mode (CBC)" +Normally, this is found as the function \fIalgorithm\fR\fI_cbc_encrypt()\fR. +Be aware that \fIdes_cbc_encrypt()\fR is not really \s-1DES\s0 \s-1CBC\s0 (it does +not update the \s-1IV\s0); use \fIdes_ncbc_encrypt()\fR instead. +.Ip "\(bu" 2 +a multiple of 64 bits are enciphered at a time. +.Ip "\(bu" 2 +The \s-1CBC\s0 mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. +.Ip "\(bu" 2 +The chaining operation makes the ciphertext blocks dependent on the +current and all preceding plaintext blocks and therefore blocks can not +be rearranged. +.Ip "\(bu" 2 +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. +.Ip "\(bu" 2 +An error will affect the current and the following ciphertext blocks. +.Sh "Cipher Feedback Mode (\s-1CFB\s0)" +.IX Subsection "Cipher Feedback Mode (CFB)" +Normally, this is found as the function \fIalgorithm\fR\fI_cfb_encrypt()\fR. +.Ip "\(bu" 2 +a number of bits (j) <= 64 are enciphered at a time. +.Ip "\(bu" 2 +The \s-1CFB\s0 mode produces the same ciphertext whenever the same +plaintext is encrypted using the same key and starting variable. +.Ip "\(bu" 2 +The chaining operation makes the ciphertext variables dependent on the +current and all preceding variables and therefore j-bit variables are +chained together and can not be rearranged. +.Ip "\(bu" 2 +The use of different starting variables prevents the same plaintext +enciphering to the same ciphertext. +.Ip "\(bu" 2 +The strength of the \s-1CFB\s0 mode depends on the size of k (maximal if +j == k). In my implementation this is always the case. +.Ip "\(bu" 2 +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. +.Ip "\(bu" 2 +Only multiples of j bits can be enciphered. +.Ip "\(bu" 2 +An error will affect the current and the following ciphertext variables. +.Sh "Output Feedback Mode (\s-1OFB\s0)" +.IX Subsection "Output Feedback Mode (OFB)" +Normally, this is found as the function \fIalgorithm\fR\fI_ofb_encrypt()\fR. +.Ip "\(bu" 2 +a number of bits (j) <= 64 are enciphered at a time. +.Ip "\(bu" 2 +The \s-1OFB\s0 mode produces the same ciphertext whenever the same +plaintext enciphered using the same key and starting variable. More +over, in the \s-1OFB\s0 mode the same key stream is produced when the same +key and start variable are used. Consequently, for security reasons +a specific start variable should be used only once for a given key. +.Ip "\(bu" 2 +The absence of chaining makes the \s-1OFB\s0 more vulnerable to specific attacks. +.Ip "\(bu" 2 +The use of different start variables values prevents the same +plaintext enciphering to the same ciphertext, by producing different +key streams. +.Ip "\(bu" 2 +Selection of a small value for j will require more cycles through +the encipherment algorithm per unit of plaintext and thus cause +greater processing overheads. +.Ip "\(bu" 2 +Only multiples of j bits can be enciphered. +.Ip "\(bu" 2 +\&\s-1OFB\s0 mode of operation does not extend ciphertext errors in the +resultant plaintext output. Every bit error in the ciphertext causes +only one bit to be in error in the deciphered plaintext. +.Ip "\(bu" 2 +\&\s-1OFB\s0 mode is not self-synchronizing. If the two operation of +encipherment and decipherment get out of synchronism, the system needs +to be re-initialized. +.Ip "\(bu" 2 +Each re-initialization should use a value of the start variable +different from the start variable values used before with the same +key. The reason for this is that an identical bit stream would be +produced each time from the same parameters. This would be +susceptible to a 'known plaintext' attack. +.Sh "Triple \s-1ECB\s0 Mode" +.IX Subsection "Triple ECB Mode" +Normally, this is found as the function \fIalgorithm\fR\fI_ecb3_encrypt()\fR. +.Ip "\(bu" 2 +Encrypt with key1, decrypt with key2 and encrypt with key3 again. +.Ip "\(bu" 2 +As for \s-1ECB\s0 encryption but increases the key length to 168 bits. +There are theoretic attacks that can be used that make the effective +key length 112 bits, but this attack also requires 2^56 blocks of +memory, not very likely, even for the \s-1NSA\s0. +.Ip "\(bu" 2 +If both keys are the same it is equivalent to encrypting once with +just one key. +.Ip "\(bu" 2 +If the first and last key are the same, the key length is 112 bits. +There are attacks that could reduce the key space to 55 bit's but it +requires 2^56 blocks of memory. +.Ip "\(bu" 2 +If all 3 keys are the same, this is effectively the same as normal +ecb mode. +.Sh "Triple \s-1CBC\s0 Mode" +.IX Subsection "Triple CBC Mode" +Normally, this is found as the function \fIalgorithm\fR\fI_ede3_cbc_encrypt()\fR. +.Ip "\(bu" 2 +Encrypt with key1, decrypt with key2 and then encrypt with key3. +.Ip "\(bu" 2 +As for \s-1CBC\s0 encryption but increases the key length to 168 bits with +the same restrictions as for triple ecb mode. +.SH "NOTES" +.IX Header "NOTES" +This text was been written in large parts by Eric Young in his original +documentation for SSLeay, the predecessor of OpenSSL. In turn, he attributed +it to: +.PP +.Vb 5 +\& AS 2805.5.2 +\& Australian Standard +\& Electronic funds transfer - Requirements for interfaces, +\& Part 5.2: Modes of operation for an n-bit block cipher algorithm +\& Appendix A +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +blowfish(3), des(3), idea(3), +rc2(3) diff --git a/secure/lib/libcrypto/man/dgst.1 b/secure/lib/libcrypto/man/dgst.1 new file mode 100644 index 0000000..c25a14d --- /dev/null +++ b/secure/lib/libcrypto/man/dgst.1 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:09 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DGST 1" +.TH DGST 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBdgst\fR +[\fB\-md5|\-md4|\-md2|\-sha1|\-sha|\-mdc2|\-ripemd160|\-dss1\fR] +[\fB\-c\fR] +[\fB\-d\fR] +[\fB\-hex\fR] +[\fB\-binary\fR] +[\fB\-out filename\fR] +[\fB\-sign filename\fR] +[\fB\-verify filename\fR] +[\fB\-prverify filename\fR] +[\fB\-signature filename\fR] +[\fBfile...\fR] +.PP +[\fBmd5|md4|md2|sha1|sha|mdc2|ripemd160\fR] +[\fB\-c\fR] +[\fB\-d\fR] +[\fBfile...\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The digest functions output the message digest of a supplied file or files +in hexadecimal form. They can also be used for digital signing and verification. +.SH "OPTIONS" +.IX Header "OPTIONS" +.Ip "\fB\-c\fR" 4 +.IX Item "-c" +print out the digest in two digit groups separated by colons, only relevant if +\&\fBhex\fR format output is used. +.Ip "\fB\-d\fR" 4 +.IX Item "-d" +print out \s-1BIO\s0 debugging information. +.Ip "\fB\-hex\fR" 4 +.IX Item "-hex" +digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R" +digest as opposed to a digital signature. +.Ip "\fB\-binary\fR" 4 +.IX Item "-binary" +output the digest or signature in binary form. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +filename to output to, or standard output by default. +.Ip "\fB\-sign filename\fR" 4 +.IX Item "-sign filename" +digitally sign the digest using the private key in \*(L"filename\*(R". +.Ip "\fB\-verify filename\fR" 4 +.IX Item "-verify filename" +verify the signature using the the public key in \*(L"filename\*(R". +The output is either \*(L"Verification \s-1OK\s0\*(R" or \*(L"Verification Failure\*(R". +.Ip "\fB\-prverify filename\fR" 4 +.IX Item "-prverify filename" +verify the signature using the the private key in \*(L"filename\*(R". +.Ip "\fB\-signature filename\fR" 4 +.IX Item "-signature filename" +the actual signature to verify. +.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 +.IX Item "-rand file" +a file or files containing random data used to seed the random number +generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). +Multiple files can be specified separated by a OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.Ip "\fBfile...\fR" 4 +.IX Item "file..." +file or files to digest. If no files are specified then standard input is +used. +.SH "NOTES" +.IX Header "NOTES" +The digest of choice for all new applications is \s-1SHA1\s0. Other digests are +however still widely used. +.PP +If you wish to sign or verify data using the \s-1DSA\s0 algorithm then the dss1 +digest must be used. +.PP +A source of random numbers is required for certain signing algorithms, in +particular \s-1DSA\s0. +.PP +The signing and verify options should only be used if a single file is +being signed or verified. diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3 new file mode 100644 index 0000000..a29412d --- /dev/null +++ b/secure/lib/libcrypto/man/dh.3 @@ -0,0 +1,214 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:13 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DH 1" +.TH DH 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +dh \- Diffie-Hellman key agreement +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dh.h> +.Ve +.Vb 2 +\& DH * DH_new(void); +\& void DH_free(DH *dh); +.Ve +.Vb 1 +\& int DH_size(DH *dh); +.Ve +.Vb 3 +\& DH * DH_generate_parameters(int prime_len, int generator, +\& void (*callback)(int, int, void *), void *cb_arg); +\& int DH_check(DH *dh, int *codes); +.Ve +.Vb 2 +\& int DH_generate_key(DH *dh); +\& int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); +.Ve +.Vb 5 +\& void DH_set_default_method(DH_METHOD *meth); +\& DH_METHOD *DH_get_default_method(void); +\& DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); +\& DH *DH_new_method(DH_METHOD *meth); +\& DH_METHOD *DH_OpenSSL(void); +.Ve +.Vb 4 +\& int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(), +\& int (*dup_func)(), void (*free_func)()); +\& int DH_set_ex_data(DH *d, int idx, char *arg); +\& char *DH_get_ex_data(DH *d, int idx); +.Ve +.Vb 2 +\& DH * d2i_DHparams(DH **a, unsigned char **pp, long length); +\& int i2d_DHparams(DH *a, unsigned char **pp); +.Ve +.Vb 2 +\& int DHparams_print_fp(FILE *fp, DH *x); +\& int DHparams_print(BIO *bp, DH *x); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement the Diffie-Hellman key agreement protocol. +The generation of shared \s-1DH\s0 parameters is described in +DH_generate_parameters(3); DH_generate_key(3) describes how +to perform a key agreement. +.PP +The \fB\s-1DH\s0\fR structure consists of several \s-1BIGNUM\s0 components. +.PP +.Vb 9 +\& struct +\& { +\& BIGNUM *p; // prime number (shared) +\& BIGNUM *g; // generator of Z_p (shared) +\& BIGNUM *priv_key; // private DH value x +\& BIGNUM *pub_key; // public DH value g^x +\& // ... +\& }; +\& DH +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dhparam(1), bn(3), dsa(3), err(3), +rand(3), rsa(3), DH_set_method(3), +DH_new(3), DH_get_ex_new_index(3), +DH_generate_parameters(3), +DH_compute_key(3), d2i_DHparams(3), +RSA_print(3) diff --git a/secure/lib/libcrypto/man/dhparam.1 b/secure/lib/libcrypto/man/dhparam.1 new file mode 100644 index 0000000..0549a3d --- /dev/null +++ b/secure/lib/libcrypto/man/dhparam.1 @@ -0,0 +1,249 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:11 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DHPARAM 1" +.TH DHPARAM 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +dhparam \- \s-1DH\s0 parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl dhparam\fR +[\fB\-inform DER|PEM\fR] +[\fB\-outform DER|PEM\fR] +[\fB\-in\fR \fIfilename\fR] +[\fB\-out\fR \fIfilename\fR] +[\fB\-dsaparam\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-2\fR] +[\fB\-5\fR] +[\fB\-rand\fR \fI\fIfile\fI\|(s)\fR] +[\fInumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to manipulate \s-1DH\s0 parameter files. +.SH "OPTIONS" +.IX Header "OPTIONS" +.Ip "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded +form compatible with the PKCS#3 DHparameter structure. The \s-1PEM\s0 form is the +default format: it consists of the \fB\s-1DER\s0\fR format base64 encoded with +additional header and footer lines. +.Ip "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning as the +\&\fB\-inform\fR option. +.Ip "\fB\-in\fR \fIfilename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. +.Ip "\fB\-out\fR \fIfilename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. +.Ip "\fB\-dsaparam\fR" 4 +.IX Item "-dsaparam" +If this option is used, \s-1DSA\s0 rather than \s-1DH\s0 parameters are read or created; +they are converted to \s-1DH\s0 format. Otherwise, \*(L"strong\*(R" primes (such +that (p-1)/2 is also prime) will be used for \s-1DH\s0 parameter generation. +.Sp +\&\s-1DH\s0 parameter generation with the \fB\-dsaparam\fR option is much faster, +and the recommended exponent length is shorter, which makes \s-1DH\s0 key +exchange more efficient. Beware that with such DSA-style \s-1DH\s0 +parameters, a fresh \s-1DH\s0 key should be created for each use to +avoid small-subgroup attacks that may be possible otherwise. +.Ip "\fB\-2\fR, \fB\-5\fR" 4 +.IX Item "-2, -5" +The generator to use, either 2 or 5. 2 is the default. If present then the +input file is ignored and parameters are generated instead. +.Ip "\fB\-rand\fR \fI\fIfile\fI\|(s)\fR" 4 +.IX Item "-rand file" +a file or files containing random data used to seed the random number +generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). +Multiple files can be specified separated by a OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.Ip "\fInumbits\fR" 4 +.IX Item "numbits" +this option specifies that a parameter set should be generated of size +\&\fInumbits\fR. It must be the last option. If not present then a value of 512 +is used. If this option is present then the input file is ignored and +parameters are generated instead. +.Ip "\fB\-noout\fR" 4 +.IX Item "-noout" +this option inhibits the output of the encoded version of the parameters. +.Ip "\fB\-text\fR" 4 +.IX Item "-text" +this option prints out the \s-1DH\s0 parameters in human readable form. +.Ip "\fB\-C\fR" 4 +.IX Item "-C" +this option converts the parameters into C code. The parameters can then +be loaded by calling the \fBget_dh\fR\fInumbits\fR\fB()\fR function. +.SH "WARNINGS" +.IX Header "WARNINGS" +The program \fBdhparam\fR combines the functionality of the programs \fBdh\fR and +\&\fBgendh\fR in previous versions of OpenSSL and SSLeay. The \fBdh\fR and \fBgendh\fR +programs are retained for now but may have different purposes in future +versions of OpenSSL. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1PEM\s0 format \s-1DH\s0 parameters use the header and footer lines: +.PP +.Vb 2 +\& -----BEGIN DH PARAMETERS----- +\& -----END DH PARAMETERS----- +.Ve +OpenSSL currently only supports the older PKCS#3 \s-1DH\s0, not the newer X9.42 +\&\s-1DH\s0. +.PP +This program manipulates \s-1DH\s0 parameters not keys. +.SH "BUGS" +.IX Header "BUGS" +There should be a way to generate and manipulate \s-1DH\s0 keys. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dsaparam(1) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBdhparam\fR command was added in OpenSSL 0.9.5. +The \fB\-dsaparam\fR option was added in OpenSSL 0.9.6. diff --git a/secure/lib/libcrypto/man/dsa.1 b/secure/lib/libcrypto/man/dsa.1 new file mode 100644 index 0000000..b1d9b38 --- /dev/null +++ b/secure/lib/libcrypto/man/dsa.1 @@ -0,0 +1,275 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:14 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DSA 1" +.TH DSA 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +dsa \- \s-1DSA\s0 key processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBdsa\fR +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-modulus\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBdsa\fR command processes \s-1DSA\s0 keys. They can be converted between various +forms and their components printed out. \fBNote\fR This command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the \fBpkcs8\fR +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.Ip "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option with a private key uses +an \s-1ASN1\s0 \s-1DER\s0 encoded form of an \s-1ASN\s0.1 \s-1SEQUENCE\s0 consisting of the values of +version (currently zero), p, q, g, the public and private key components +respectively as \s-1ASN\s0.1 INTEGERs. When used with a public key it uses a +SubjectPublicKeyInfo structure: it is an error if the key is not \s-1DSA\s0. +.Sp +The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 +encoded with additional header and footer lines. In the case of a private key +PKCS#8 format is also accepted. +.Ip "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning as the +\&\fB\-inform\fR option. +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.Ip "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +the input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +is not specified. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.Ip "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +the output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). +.Ip "\fB\-des|\-des3|\-idea\fR" 4 +.IX Item "-des|-des3|-idea" +These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the +\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that using the \fBdsa\fR utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with \s-1PEM\s0 format output files. +.Ip "\fB\-text\fR" 4 +.IX Item "-text" +prints out the public, private key components and parameters. +.Ip "\fB\-noout\fR" 4 +.IX Item "-noout" +this option prevents output of the encoded version of the key. +.Ip "\fB\-modulus\fR" 4 +.IX Item "-modulus" +this option prints out the value of the public key component of the key. +.Ip "\fB\-pubin\fR" 4 +.IX Item "-pubin" +by default a private key is read from the input file: with this option a +public key is read instead. +.Ip "\fB\-pubout\fR" 4 +.IX Item "-pubout" +by default a private key is output. With this option a public +key will be output instead. This option is automatically set if the input is +a public key. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 private key format uses the header and footer lines: +.PP +.Vb 2 +\& -----BEGIN DSA PRIVATE KEY----- +\& -----END DSA PRIVATE KEY----- +.Ve +The \s-1PEM\s0 public key format uses the header and footer lines: +.PP +.Vb 2 +\& -----BEGIN PUBLIC KEY----- +\& -----END PUBLIC KEY----- +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To remove the pass phrase on a \s-1DSA\s0 private key: +.PP +.Vb 1 +\& openssl dsa -in key.pem -out keyout.pem +.Ve +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl dsa -in key.pem -des3 -out keyout.pem +.Ve +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl dsa -in key.pem -outform DER -out keyout.der +.Ve +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl dsa -in key.pem -text -noout +.Ve +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl dsa -in key.pem -pubout -out pubkey.pem +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dsaparam(1), gendsa(1), rsa(1), +genrsa(1) diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3 new file mode 100644 index 0000000..cc58295 --- /dev/null +++ b/secure/lib/libcrypto/man/dsa.3 @@ -0,0 +1,252 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:15 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DSA 1" +.TH DSA 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +dsa \- Digital Signature Algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/dsa.h> +.Ve +.Vb 2 +\& DSA * DSA_new(void); +\& void DSA_free(DSA *dsa); +.Ve +.Vb 1 +\& int DSA_size(DSA *dsa); +.Ve +.Vb 3 +\& DSA * DSA_generate_parameters(int bits, unsigned char *seed, +\& int seed_len, int *counter_ret, unsigned long *h_ret, +\& void (*callback)(int, int, void *), void *cb_arg); +.Ve +.Vb 1 +\& DH * DSA_dup_DH(DSA *r); +.Ve +.Vb 1 +\& int DSA_generate_key(DSA *dsa); +.Ve +.Vb 6 +\& int DSA_sign(int dummy, const unsigned char *dgst, int len, +\& unsigned char *sigret, unsigned int *siglen, DSA *dsa); +\& int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, +\& BIGNUM **rp); +\& int DSA_verify(int dummy, const unsigned char *dgst, int len, +\& unsigned char *sigbuf, int siglen, DSA *dsa); +.Ve +.Vb 5 +\& void DSA_set_default_method(DSA_METHOD *meth); +\& DSA_METHOD *DSA_get_default_method(void); +\& DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); +\& DSA *DSA_new_method(DSA_METHOD *meth); +\& DSA_METHOD *DSA_OpenSSL(void); +.Ve +.Vb 4 +\& int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), +\& int (*dup_func)(), void (*free_func)()); +\& int DSA_set_ex_data(DSA *d, int idx, char *arg); +\& char *DSA_get_ex_data(DSA *d, int idx); +.Ve +.Vb 4 +\& DSA_SIG *DSA_SIG_new(void); +\& void DSA_SIG_free(DSA_SIG *a); +\& int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp); +\& DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length); +.Ve +.Vb 3 +\& DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); +\& int DSA_do_verify(const unsigned char *dgst, int dgst_len, +\& DSA_SIG *sig, DSA *dsa); +.Ve +.Vb 6 +\& DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); +\& DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); +\& DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); +\& int i2d_DSAPublicKey(DSA *a, unsigned char **pp); +\& int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); +\& int i2d_DSAparams(DSA *a,unsigned char **pp); +.Ve +.Vb 4 +\& int DSAparams_print(BIO *bp, DSA *x); +\& int DSAparams_print_fp(FILE *fp, DSA *x); +\& int DSA_print(BIO *bp, DSA *x, int off); +\& int DSA_print_fp(FILE *bp, DSA *x, int off); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement the Digital Signature Algorithm (\s-1DSA\s0). The +generation of shared \s-1DSA\s0 parameters is described in +DSA_generate_parameters(3); +DSA_generate_key(3) describes how to +generate a signature key. Signature generation and verification are +described in DSA_sign(3). +.PP +The \fB\s-1DSA\s0\fR structure consists of several \s-1BIGNUM\s0 components. +.PP +.Vb 10 +\& struct +\& { +\& BIGNUM *p; // prime number (public) +\& BIGNUM *q; // 160-bit subprime, q | p-1 (public) +\& BIGNUM *g; // generator of subgroup (public) +\& BIGNUM *priv_key; // private key x +\& BIGNUM *pub_key; // public key y = g^x +\& // ... +\& } +\& DSA; +.Ve +In public keys, \fBpriv_key\fR is \s-1NULL\s0. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 186 (Digital Signature +Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bn(3), dh(3), err(3), rand(3), +rsa(3), sha(3), DSA_new(3), +DSA_size(3), +DSA_generate_parameters(3), +DSA_dup_DH(3), +DSA_generate_key(3), +DSA_sign(3), DSA_set_method(3), +DSA_get_ex_new_index(3), +RSA_print(3) diff --git a/secure/lib/libcrypto/man/dsaparam.1 b/secure/lib/libcrypto/man/dsaparam.1 new file mode 100644 index 0000000..db3f7c6 --- /dev/null +++ b/secure/lib/libcrypto/man/dsaparam.1 @@ -0,0 +1,222 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:16 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "DSAPARAM 1" +.TH DSAPARAM 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +dsaparam \- \s-1DSA\s0 parameter manipulation and generation +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl dsaparam\fR +[\fB\-inform DER|PEM\fR] +[\fB\-outform DER|PEM\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-noout\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-rand \f(BIfile\fB\|(s)\fR] +[\fB\-genkey\fR] +[\fBnumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to manipulate or generate \s-1DSA\s0 parameter files. +.SH "OPTIONS" +.IX Header "OPTIONS" +.Ip "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded +form compatible with \s-1RFC2459\s0 (\s-1PKIX\s0) DSS-Parms that is a \s-1SEQUENCE\s0 consisting +of p, q and g respectively. The \s-1PEM\s0 form is the default format: it consists +of the \fB\s-1DER\s0\fR format base64 encoded with additional header and footer lines. +.Ip "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning as the +\&\fB\-inform\fR option. +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read parameters from or standard input if +this option is not specified. If the \fBnumbits\fR parameter is included then +this option will be ignored. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename parameters to. Standard output is used +if this option is not present. The output filename should \fBnot\fR be the same +as the input filename. +.Ip "\fB\-noout\fR" 4 +.IX Item "-noout" +this option inhibits the output of the encoded version of the parameters. +.Ip "\fB\-text\fR" 4 +.IX Item "-text" +this option prints out the \s-1DSA\s0 parameters in human readable form. +.Ip "\fB\-C\fR" 4 +.IX Item "-C" +this option converts the parameters into C code. The parameters can then +be loaded by calling the \fB\f(BIget_dsaXXX()\fB\fR function. +.Ip "\fB\-genkey\fR" 4 +.IX Item "-genkey" +this option will generate a \s-1DSA\s0 either using the specified or generated +parameters. +.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 +.IX Item "-rand file" +a file or files containing random data used to seed the random number +generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). +Multiple files can be specified separated by a OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.Ip "\fBnumbits\fR" 4 +.IX Item "numbits" +this option specifies that a parameter set should be generated of size +\&\fBnumbits\fR. It must be the last option. If this option is included then +the input file (if any) is ignored. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1PEM\s0 format \s-1DSA\s0 parameters use the header and footer lines: +.PP +.Vb 2 +\& -----BEGIN DSA PARAMETERS----- +\& -----END DSA PARAMETERS----- +.Ve +\&\s-1DSA\s0 parameter generation is a slow process and as a result the same set of +\&\s-1DSA\s0 parameters is often used to generate several distinct keys. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +gendsa(1), dsa(1), genrsa(1), +rsa(1) diff --git a/secure/lib/libcrypto/man/enc.1 b/secure/lib/libcrypto/man/enc.1 new file mode 100644 index 0000000..f856e4c --- /dev/null +++ b/secure/lib/libcrypto/man/enc.1 @@ -0,0 +1,392 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:19 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ENC 1" +.TH ENC 1 "perl v5.6.1" "2001-07-19" "User Contributed Perl Documentation" +.UC +.SH "NAME" +enc \- symmetric cipher routines +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl enc \-ciphername\fR +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-pass arg\fR] +[\fB\-e\fR] +[\fB\-d\fR] +[\fB\-a\fR] +[\fB\-A\fR] +[\fB\-k password\fR] +[\fB\-kfile filename\fR] +[\fB\-K key\fR] +[\fB\-iv \s-1IV\s0\fR] +[\fB\-p\fR] +[\fB\-P\fR] +[\fB\-bufsize number\fR] +[\fB\-debug\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The symmetric cipher commands allow data to be encrypted or decrypted +using various block and stream ciphers using keys based on passwords +or explicitly provided. Base64 encoding or decoding can also be performed +either by itself or in addition to the encryption or decryption. +.SH "OPTIONS" +.IX Header "OPTIONS" +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +the input filename, standard input by default. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +the output filename, standard output by default. +.Ip "\fB\-pass arg\fR" 4 +.IX Item "-pass arg" +the password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). +.Ip "\fB\-salt\fR" 4 +.IX Item "-salt" +use a salt in the key derivation routines. This option should \fB\s-1ALWAYS\s0\fR +be used unless compatibility with previous versions of OpenSSL or SSLeay +is required. This option is only present on OpenSSL versions 0.9.5 or +above. +.Ip "\fB\-nosalt\fR" 4 +.IX Item "-nosalt" +don't use a salt in the key derivation routines. This is the default for +compatibility with previous versions of OpenSSL and SSLeay. +.Ip "\fB\-e\fR" 4 +.IX Item "-e" +encrypt the input data: this is the default. +.Ip "\fB\-d\fR" 4 +.IX Item "-d" +decrypt the input data. +.Ip "\fB\-a\fR" 4 +.IX Item "-a" +base64 process the data. This means that if encryption is taking place +the data is base64 encoded after encryption. If decryption is set then +the input data is base64 decoded before being decrypted. +.Ip "\fB\-A\fR" 4 +.IX Item "-A" +if the \fB\-a\fR option is set then base64 process the data on one line. +.Ip "\fB\-k password\fR" 4 +.IX Item "-k password" +the password to derive the key from. This is for compatibility with previous +versions of OpenSSL. Superseded by the \fB\-pass\fR argument. +.Ip "\fB\-kfile filename\fR" 4 +.IX Item "-kfile filename" +read the password to derive the key from the first line of \fBfilename\fR. +This is for computability with previous versions of OpenSSL. Superseded by +the \fB\-pass\fR argument. +.Ip "\fB\-S salt\fR" 4 +.IX Item "-S salt" +the actual salt to use: this must be represented as a string comprised only +of hex digits. +.Ip "\fB\-K key\fR" 4 +.IX Item "-K key" +the actual key to use: this must be represented as a string comprised only +of hex digits. If only the key is specified, the \s-1IV\s0 must additionally specified +using the \fB\-iv\fR option. When both a key and a password are specified, the +key given with the \fB\-K\fR option will be used and the \s-1IV\s0 generated from the +password will be taken. It probably does not make much sense to specify +both key and password. +.Ip "\fB\-iv \s-1IV\s0\fR" 4 +.IX Item "-iv IV" +the actual \s-1IV\s0 to use: this must be represented as a string comprised only +of hex digits. When only the key is specified using the \fB\-K\fR option, the +\&\s-1IV\s0 must explicitly be defined. When a password is being specified using +one of the other options, the \s-1IV\s0 is generated from this password. +.Ip "\fB\-p\fR" 4 +.IX Item "-p" +print out the key and \s-1IV\s0 used. +.Ip "\fB\-P\fR" 4 +.IX Item "-P" +print out the key and \s-1IV\s0 used then immediately exit: don't do any encryption +or decryption. +.Ip "\fB\-bufsize number\fR" 4 +.IX Item "-bufsize number" +set the buffer size for I/O +.Ip "\fB\-debug\fR" 4 +.IX Item "-debug" +debug the BIOs used for I/O. +.SH "NOTES" +.IX Header "NOTES" +The program can be called either as \fBopenssl ciphername\fR or +\&\fBopenssl enc \-ciphername\fR. +.PP +A password will be prompted for to derive the key and \s-1IV\s0 if necessary. +.PP +The \fB\-salt\fR option should \fB\s-1ALWAYS\s0\fR be used if the key is being derived +from a password unless you want compatibility with previous versions of +OpenSSL and SSLeay. +.PP +Without the \fB\-salt\fR option it is possible to perform efficient dictionary +attacks on the password and to attack stream cipher encrypted data. The reason +for this is that without the salt the same password always generates the same +encryption key. When the salt is being used the first eight bytes of the +encrypted data are reserved for the salt: it is generated at random when +encrypting a file and read from the encrypted file when it is decrypted. +.PP +Some of the ciphers do not have large keys and others have security +implications if not used correctly. A beginner is advised to just use +a strong block cipher in \s-1CBC\s0 mode such as bf or des3. +.PP +All the block ciphers use PKCS#5 padding also known as standard block +padding: this allows a rudimentary integrity or password check to be +performed. However since the chance of random data passing the test is +better than 1 in 256 it isn't a very good test. +.PP +All \s-1RC2\s0 ciphers have the same key and effective key length. +.PP +Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. +.SH "SUPPORTED CIPHERS" +.IX Header "SUPPORTED CIPHERS" +.Vb 1 +\& base64 Base 64 +.Ve +.Vb 5 +\& bf-cbc Blowfish in CBC mode +\& bf Alias for bf-cbc +\& bf-cfb Blowfish in CFB mode +\& bf-ecb Blowfish in ECB mode +\& bf-ofb Blowfish in OFB mode +.Ve +.Vb 6 +\& cast-cbc CAST in CBC mode +\& cast Alias for cast-cbc +\& cast5-cbc CAST5 in CBC mode +\& cast5-cfb CAST5 in CFB mode +\& cast5-ecb CAST5 in ECB mode +\& cast5-ofb CAST5 in OFB mode +.Ve +.Vb 5 +\& des-cbc DES in CBC mode +\& des Alias for des-cbc +\& des-cfb DES in CBC mode +\& des-ofb DES in OFB mode +\& des-ecb DES in ECB mode +.Ve +.Vb 4 +\& des-ede-cbc Two key triple DES EDE in CBC mode +\& des-ede Alias for des-ede +\& des-ede-cfb Two key triple DES EDE in CFB mode +\& des-ede-ofb Two key triple DES EDE in OFB mode +.Ve +.Vb 5 +\& des-ede3-cbc Three key triple DES EDE in CBC mode +\& des-ede3 Alias for des-ede3-cbc +\& des3 Alias for des-ede3-cbc +\& des-ede3-cfb Three key triple DES EDE CFB mode +\& des-ede3-ofb Three key triple DES EDE in OFB mode +.Ve +.Vb 1 +\& desx DESX algorithm. +.Ve +.Vb 5 +\& idea-cbc IDEA algorithm in CBC mode +\& idea same as idea-cbc +\& idea-cfb IDEA in CFB mode +\& idea-ecb IDEA in ECB mode +\& idea-ofb IDEA in OFB mode +.Ve +.Vb 7 +\& rc2-cbc 128 bit RC2 in CBC mode +\& rc2 Alias for rc2-cbc +\& rc2-cfb 128 bit RC2 in CBC mode +\& rc2-ecb 128 bit RC2 in CBC mode +\& rc2-ofb 128 bit RC2 in CBC mode +\& rc2-64-cbc 64 bit RC2 in CBC mode +\& rc2-40-cbc 40 bit RC2 in CBC mode +.Ve +.Vb 3 +\& rc4 128 bit RC4 +\& rc4-64 64 bit RC4 +\& rc4-40 40 bit RC4 +.Ve +.Vb 5 +\& rc5-cbc RC5 cipher in CBC mode +\& rc5 Alias for rc5-cbc +\& rc5-cfb RC5 cipher in CBC mode +\& rc5-ecb RC5 cipher in CBC mode +\& rc5-ofb RC5 cipher in CBC mode +.Ve +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Just base64 encode a binary file: +.PP +.Vb 1 +\& openssl base64 -in file.bin -out file.b64 +.Ve +Decode the same file +.PP +.Vb 1 +\& openssl base64 -d -in file.b64 -out file.bin +.Ve +Encrypt a file using triple \s-1DES\s0 in \s-1CBC\s0 mode using a prompted password: +.PP +.Vb 1 +\& openssl des3 -salt -in file.txt -out file.des3 +.Ve +Decrypt a file using a supplied password: +.PP +.Vb 1 +\& openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword +.Ve +Encrypt a file then base64 encode it (so it can be sent via mail for example) +using Blowfish in \s-1CBC\s0 mode: +.PP +.Vb 1 +\& openssl bf -a -salt -in file.txt -out file.bf +.Ve +Base64 decode a file then decrypt it: +.PP +.Vb 1 +\& openssl bf -d -salt -a -in file.bf -out file.txt +.Ve +Decrypt some data using a supplied 40 bit \s-1RC4\s0 key: +.PP +.Vb 1 +\& openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405 +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \fB\-A\fR option when used with large files doesn't work properly. +.PP +There should be an option to allow an iteration count to be included. +.PP +Like the \s-1EVP\s0 library the \fBenc\fR program only supports a fixed number of +algorithms with certain parameters. So if, for example, you want to use \s-1RC2\s0 +with a 76 bit key or \s-1RC4\s0 with an 84 bit key you can't use this program. diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3 new file mode 100644 index 0000000..87c63b7 --- /dev/null +++ b/secure/lib/libcrypto/man/err.3 @@ -0,0 +1,334 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:18 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "ERR 1" +.TH ERR 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +err \- error codes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/err.h> +.Ve +.Vb 8 +\& unsigned long ERR_get_error(void); +\& unsigned long ERR_peek_error(void); +\& unsigned long ERR_get_error_line(const char **file, int *line); +\& unsigned long ERR_peek_error_line(const char **file, int *line); +\& unsigned long ERR_get_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +\& unsigned long ERR_peek_error_line_data(const char **file, int *line, +\& const char **data, int *flags); +.Ve +.Vb 3 +\& int ERR_GET_LIB(unsigned long e); +\& int ERR_GET_FUNC(unsigned long e); +\& int ERR_GET_REASON(unsigned long e); +.Ve +.Vb 1 +\& void ERR_clear_error(void); +.Ve +.Vb 4 +\& char *ERR_error_string(unsigned long e, char *buf); +\& const char *ERR_lib_error_string(unsigned long e); +\& const char *ERR_func_error_string(unsigned long e); +\& const char *ERR_reason_error_string(unsigned long e); +.Ve +.Vb 2 +\& void ERR_print_errors(BIO *bp); +\& void ERR_print_errors_fp(FILE *fp); +.Ve +.Vb 2 +\& void ERR_load_crypto_strings(void); +\& void ERR_free_strings(void); +.Ve +.Vb 1 +\& void ERR_remove_state(unsigned long pid); +.Ve +.Vb 3 +\& void ERR_put_error(int lib, int func, int reason, const char *file, +\& int line); +\& void ERR_add_error_data(int num, ...); +.Ve +.Vb 3 +\& void ERR_load_strings(int lib,ERR_STRING_DATA str[]); +\& unsigned long ERR_PACK(int lib, int func, int reason); +\& int ERR_get_next_error_library(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +When a call to the OpenSSL library fails, this is usually signalled +by the return value, and an error code is stored in an error queue +associated with the current thread. The \fBerr\fR library provides +functions to obtain these error codes and textual error messages. +.PP +The ERR_get_error(3) manpage describes how to +access error codes. +.PP +Error codes contain information about where the error occurred, and +what went wrong. ERR_GET_LIB(3) describes how to +extract this information. A method to obtain human-readable error +messages is described in ERR_error_string(3). +.PP +ERR_clear_error(3) can be used to clear the +error queue. +.PP +Note that ERR_remove_state(3) should be used to +avoid memory leaks when threads are terminated. +.SH "ADDING NEW ERROR CODES TO OPENSSL" +.IX Header "ADDING NEW ERROR CODES TO OPENSSL" +See \fIERR_put_error\fR\|(3) if you want to record error codes in the +OpenSSL error system from within your application. +.PP +The remainder of this section is of interest only if you want to add +new error codes to OpenSSL or add error codes from external libraries. +.Sh "Reporting errors" +.IX Subsection "Reporting errors" +Each sub-library has a specific macro \fIXXXerr()\fR that is used to report +errors. Its first argument is a function code \fB\s-1XXX_F_\s0...\fR, the second +argument is a reason code \fB\s-1XXX_R_\s0...\fR. Function codes are derived +from the function names; reason codes consist of textual error +descriptions. For example, the function \fIssl23_read()\fR reports a +\&\*(L"handshake failure\*(R" as follows: +.PP +.Vb 1 +\& SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); +.Ve +Function and reason codes should consist of upper case characters, +numbers and underscores only. The error file generation script translates +function codes into function names by looking in the header files +for an appropriate function name, if none is found it just uses +the capitalized form such as \*(L"\s-1SSL23_READ\s0\*(R" in the above example. +.PP +The trailing section of a reason code (after the \*(L"_R_\*(R") is translated +into lower case and underscores changed to spaces. +.PP +When you are using new function or reason codes, run \fBmake errors\fR. +The necessary \fB#define\fRs will then automatically be added to the +sub-library's header file. +.PP +Although a library will normally report errors using its own specific +XXXerr macro, another library's macro can be used. This is normally +only done when a library wants to include \s-1ASN1\s0 code which must use +the \fIASN1err()\fR macro. +.Sh "Adding new libraries" +.IX Subsection "Adding new libraries" +When adding a new sub-library to OpenSSL, assign it a library number +\&\fB\s-1ERR_LIB_XXX\s0\fR, define a macro \fIXXXerr()\fR (both in \fBerr.h\fR), add its +name to \fBERR_str_libraries[]\fR (in \fBcrypto/err/err.c\fR), and add +\&\f(CW\*(C`ERR_load_XXX_strings()\*(C'\fR to the \fIERR_load_crypto_strings()\fR function +(in \fBcrypto/err/err_all.c\fR). Finally, add an entry +.PP +.Vb 1 +\& L XXX xxx.h xxx_err.c +.Ve +to \fBcrypto/err/openssl.ec\fR, and add \fBxxx_err.c\fR to the Makefile. +Running \fBmake errors\fR will then generate a file \fBxxx_err.c\fR, and +add all error codes used in the library to \fBxxx.h\fR. +.PP +Additionally the library include file must have a certain form. +Typically it will initially look like this: +.PP +.Vb 2 +\& #ifndef HEADER_XXX_H +\& #define HEADER_XXX_H +.Ve +.Vb 3 +\& #ifdef __cplusplus +\& extern "C" { +\& #endif +.Ve +.Vb 1 +\& /* Include files */ +.Ve +.Vb 2 +\& #include <openssl/bio.h> +\& #include <openssl/x509.h> +.Ve +.Vb 1 +\& /* Macros, structures and function prototypes */ +.Ve +.Vb 1 +\& /* BEGIN ERROR CODES */ +.Ve +The \fB\s-1BEGIN\s0 \s-1ERROR\s0 \s-1CODES\s0\fR sequence is used by the error code +generation script as the point to place new error codes, any text +after this point will be overwritten when \fBmake errors\fR is run. +The closing #endif etc will be automatically added by the script. +.PP +The generated C error code file \fBxxx_err.c\fR will load the header +files \fBstdio.h\fR, \fBopenssl/err.h\fR and \fBopenssl/xxx.h\fR so the +header file must load any additional header files containing any +definitions it uses. +.SH "USING ERROR CODES IN EXTERNAL LIBRARIES" +.IX Header "USING ERROR CODES IN EXTERNAL LIBRARIES" +It is also possible to use OpenSSL's error code scheme in external +libraries. The library needs to load its own codes and call the OpenSSL +error code insertion script \fBmkerr.pl\fR explicitly to add codes to +the header file and generate the C error code file. This will normally +be done if the external library needs to generate new \s-1ASN1\s0 structures +but it can also be used to add more general purpose error code handling. +.PP +\&\s-1TBA\s0 more details +.SH "INTERNALS" +.IX Header "INTERNALS" +The error queues are stored in a hash table with one \fB\s-1ERR_STATE\s0\fR +entry for each pid. \fIERR_get_state()\fR returns the current thread's +\&\fB\s-1ERR_STATE\s0\fR. An \fB\s-1ERR_STATE\s0\fR can hold up to \fB\s-1ERR_NUM_ERRORS\s0\fR error +codes. When more error codes are added, the old ones are overwritten, +on the assumption that the most recent errors are most important. +.PP +Error strings are also stored in hash table. The hash tables can +be obtained by calling ERR_get_err_state_table(void) and +ERR_get_string_table(void) respectively. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +CRYPTO_set_id_callback(3), +CRYPTO_set_locking_callback(3), +ERR_get_error(3), +ERR_GET_LIB(3), +ERR_clear_error(3), +ERR_error_string(3), +ERR_print_errors(3), +ERR_load_crypto_strings(3), +ERR_remove_state(3), +ERR_put_error(3), +ERR_load_strings(3), +SSL_get_error(3) diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3 new file mode 100644 index 0000000..9e688e2 --- /dev/null +++ b/secure/lib/libcrypto/man/evp.3 @@ -0,0 +1,173 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:20 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "EVP 1" +.TH EVP 1 "perl v5.6.1" "2001-02-18" "User Contributed Perl Documentation" +.UC +.SH "NAME" +evp \- high-level cryptographic functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/evp.h> +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \s-1EVP\s0 library provides a high-level interface to cryptographic +functions. +.PP +\&\fBEVP_Seal\fR\fI...\fR and \fBEVP_Open\fR\fI...\fR provide public key encryption +and decryption to implement digital \*(L"envelopes\*(R". +.PP +The \fBEVP_Sign\fR\fI...\fR and \fBEVP_Verify\fR\fI...\fR functions implement +digital signatures. +.PP +Symmetric encryption is available with the \fBEVP_Encrypt\fR\fI...\fR +functions. The \fBEVP_Digest\fR\fI...\fR functions provide message digests. +.PP +Algorithms are loaded with \fIOpenSSL_add_all_algorithms\fR\|(3). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +EVP_DigestInit(3), +EVP_EncryptInit(3), +EVP_OpenInit(3), +EVP_SealInit(3), +EVP_SignInit(3), +EVP_VerifyInit(3), +OpenSSL_add_all_algorithms(3) diff --git a/secure/lib/libcrypto/man/gendsa.1 b/secure/lib/libcrypto/man/gendsa.1 new file mode 100644 index 0000000..a962c1a --- /dev/null +++ b/secure/lib/libcrypto/man/gendsa.1 @@ -0,0 +1,184 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:22 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "GENDSA 1" +.TH GENDSA 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +gendsa \- generate a \s-1DSA\s0 private key from a set of parameters +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgendsa\fR +[\fB\-out filename\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-rand \f(BIfile\fB\|(s)\fR] +[\fBparamfile\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBgendsa\fR command generates a \s-1DSA\s0 private key from a \s-1DSA\s0 parameter file +(which will be typically generated by the \fBopenssl dsaparam\fR command). +.SH "OPTIONS" +.IX Header "OPTIONS" +.Ip "\fB\-des|\-des3|\-idea\fR" 4 +.IX Item "-des|-des3|-idea" +These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the +\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. +If none of these options is specified no encryption is used. +.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 +.IX Item "-rand file" +a file or files containing random data used to seed the random number +generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). +Multiple files can be specified separated by a OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.Ip "\fBparamfile\fR" 4 +.IX Item "paramfile" +This option specifies the \s-1DSA\s0 parameter file to use. The parameters in this +file determine the size of the private key. \s-1DSA\s0 parameters can be generated +and examined using the \fBopenssl dsaparam\fR command. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1DSA\s0 key generation is little more than random number generation so it is +much quicker that \s-1RSA\s0 key generation for example. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dsaparam(1), dsa(1), genrsa(1), +rsa(1) diff --git a/secure/lib/libcrypto/man/genrsa.1 b/secure/lib/libcrypto/man/genrsa.1 new file mode 100644 index 0000000..473e239b --- /dev/null +++ b/secure/lib/libcrypto/man/genrsa.1 @@ -0,0 +1,209 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:24 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "GENRSA 1" +.TH GENRSA 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +genrsa \- generate an \s-1RSA\s0 private key +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBgenrsa\fR +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-f4\fR] +[\fB\-3\fR] +[\fB\-rand \f(BIfile\fB\|(s)\fR] +[\fBnumbits\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBgenrsa\fR command generates an \s-1RSA\s0 private key. +.SH "OPTIONS" +.IX Header "OPTIONS" +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +the output filename. If this argument is not specified then standard output is +used. +.Ip "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +the output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). +.Ip "\fB\-des|\-des3|\-idea\fR" 4 +.IX Item "-des|-des3|-idea" +These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the +\&\s-1IDEA\s0 ciphers respectively before outputting it. If none of these options is +specified no encryption is used. If encryption is used a pass phrase is prompted +for if it is not supplied via the \fB\-passout\fR argument. +.Ip "\fB\-F4|\-3\fR" 4 +.IX Item "-F4|-3" +the public exponent to use, either 65537 or 3. The default is 65537. +.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 +.IX Item "-rand file" +a file or files containing random data used to seed the random number +generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). +Multiple files can be specified separated by a OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.Ip "\fBnumbits\fR" 4 +.IX Item "numbits" +the size of the private key to generate in bits. This must be the last option +specified. The default is 512. +.SH "NOTES" +.IX Header "NOTES" +\&\s-1RSA\s0 private key generation essentially involves the generation of two prime +numbers. When generating a private key various symbols will be output to +indicate the progress of the generation. A \fB.\fR represents each number which +has passed an initial sieve test, \fB+\fR means a number has passed a single +round of the Miller-Rabin primality test. A newline means that the number has +passed all the prime tests (the actual number depends on the key size). +.PP +Because key generation is a random process the time taken to generate a key +may vary somewhat. +.SH "BUGS" +.IX Header "BUGS" +A quirk of the prime generation algorithm is that it cannot generate small +primes. Therefore the number of bits should not be less that 64. For typical +private keys this will not matter because for security reasons they will +be much larger (typically 1024 bits). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +gendsa(1) diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3 new file mode 100644 index 0000000..9d6d769 --- /dev/null +++ b/secure/lib/libcrypto/man/hmac.3 @@ -0,0 +1,212 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:23 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "HMAC 1" +.TH HMAC 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +\&\s-1HMAC\s0, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- \s-1HMAC\s0 message +authentication code +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/hmac.h> +.Ve +.Vb 3 +\& unsigned char *HMAC(const EVP_MD *evp_md, const void *key, +\& int key_len, const unsigned char *d, int n, +\& unsigned char *md, unsigned int *md_len); +.Ve +.Vb 4 +\& void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, +\& const EVP_MD *md); +\& void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); +\& void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +.Ve +.Vb 1 +\& void HMAC_cleanup(HMAC_CTX *ctx); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1HMAC\s0 is a \s-1MAC\s0 (message authentication code), i.e. a keyed hash +function used for message authentication, which is based on a hash +function. +.PP +\&\fIHMAC()\fR computes the message authentication code of the \fBn\fR bytes at +\&\fBd\fR using the hash function \fBevp_md\fR and the key \fBkey\fR which is +\&\fBkey_len\fR bytes long. +.PP +It places the result in \fBmd\fR (which must have space for the output of +the hash function, which is no more than \fB\s-1EVP_MAX_MD_SIZE\s0\fR bytes). +If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static array. The size of +the output is placed in \fBmd_len\fR, unless it is \fB\s-1NULL\s0\fR. +.PP +\&\fBevp_md\fR can be \fIEVP_sha1()\fR, \fIEVP_ripemd160()\fR etc. +\&\fBkey\fR and \fBevp_md\fR may be \fB\s-1NULL\s0\fR if a key and hash function have +been set in a previous call to \fIHMAC_Init()\fR for that \fB\s-1HMAC_CTX\s0\fR. +.PP +\&\fIHMAC_cleanup()\fR erases the key and other data from the \fB\s-1HMAC_CTX\s0\fR. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fIHMAC_Init()\fR initializes a \fB\s-1HMAC_CTX\s0\fR structure to use the hash +function \fBevp_md\fR and the key \fBkey\fR which is \fBkey_len\fR bytes long. +.PP +\&\fIHMAC_Update()\fR can be called repeatedly with chunks of the message to +be authenticated (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fIHMAC_Final()\fR places the message authentication code in \fBmd\fR, which +must have space for the hash function output. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIHMAC()\fR returns a pointer to the message authentication code. +.PP +\&\fIHMAC_Init()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and \fIHMAC_cleanup()\fR do not +return values. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 2104 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +sha(3), evp(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIHMAC()\fR, \fIHMAC_Init()\fR, \fIHMAC_Update()\fR, \fIHMAC_Final()\fR and \fIHMAC_cleanup()\fR +are available since SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3 new file mode 100644 index 0000000..5c60105 --- /dev/null +++ b/secure/lib/libcrypto/man/lh_stats.3 @@ -0,0 +1,196 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:25 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "LH_STATS 1" +.TH LH_STATS 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio, +lh_node_stats_bio, lh_node_usage_stats_bio \- \s-1LHASH\s0 statistics +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/lhash.h> +.Ve +.Vb 3 +\& void lh_stats(LHASH *table, FILE *out); +\& void lh_node_stats(LHASH *table, FILE *out); +\& void lh_node_usage_stats(LHASH *table, FILE *out); +.Ve +.Vb 3 +\& void lh_stats_bio(LHASH *table, BIO *out); +\& void lh_node_stats_bio(LHASH *table, BIO *out); +\& void lh_node_usage_stats_bio(LHASH *table, BIO *out); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fB\s-1LHASH\s0\fR structure records statistics about most aspects of +accessing the hash table. This is mostly a legacy of Eric Young +writing this library for the reasons of implementing what looked like +a nice algorithm rather than for a particular software product. +.PP +\&\fIlh_stats()\fR prints out statistics on the size of the hash table, how +many entries are in it, and the number and result of calls to the +routines in this library. +.PP +\&\fIlh_node_stats()\fR prints the number of entries for each 'bucket' in the +hash table. +.PP +\&\fIlh_node_usage_stats()\fR prints out a short summary of the state of the +hash table. It prints the 'load' and the 'actual load'. The load is +the average number of data items per 'bucket' in the hash table. The +\&'actual load' is the average number of items per 'bucket', but only +for buckets which contain entries. So the 'actual load' is the +average number of searches that will need to find an item in the hash +table, while the 'load' is the average number that will be done to +record a miss. +.PP +\&\fIlh_stats_bio()\fR, \fIlh_node_stats_bio()\fR and \fIlh_node_usage_stats_bio()\fR +are the same as the above, except that the output goes to a \fB\s-1BIO\s0\fR. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +These functions do not return values. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +bio(3), lhash(3) +.SH "HISTORY" +.IX Header "HISTORY" +These functions are available in all versions of SSLeay and OpenSSL. +.PP +This manpage is derived from the SSLeay documentation. diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3 new file mode 100644 index 0000000..619e4d9 --- /dev/null +++ b/secure/lib/libcrypto/man/lhash.3 @@ -0,0 +1,292 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:27 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "LHASH 1" +.TH LHASH 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, +lh_doall_arg, lh_error \- dynamic hash table +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/lhash.h> +.Ve +.Vb 3 +\& LHASH *lh_new(unsigned long (*hash)(/*void *a*/), +\& int (*compare)(/*void *a,void *b*/)); +\& void lh_free(LHASH *table); +.Ve +.Vb 3 +\& void *lh_insert(LHASH *table, void *data); +\& void *lh_delete(LHASH *table, void *data); +\& void *lh_retrieve(LHASH *table, void *data); +.Ve +.Vb 3 +\& void lh_doall(LHASH *table, void (*func)(/*void *b*/)); +\& void lh_doall_arg(LHASH *table, void (*func)(/*void *a,void *b*/), +\& void *arg); +.Ve +.Vb 1 +\& int lh_error(LHASH *table); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements dynamic hash tables. The hash table entries +can be arbitrary structures. Usually they consist of key and value +fields. +.PP +\&\fIlh_new()\fR creates a new \fB\s-1LHASH\s0\fR structure. \fBhash\fR takes a pointer to +the structure and returns an unsigned long hash value of its key +field. The hash value is normally truncated to a power of 2, so make +sure that your hash function returns well mixed low order +bits. \fBcompare\fR takes two arguments, and returns 0 if their keys are +equal, non-zero otherwise. +.PP +\&\fIlh_free()\fR frees the \fB\s-1LHASH\s0\fR structure \fBtable\fR. Allocated hash table +entries will not be freed; consider using \fIlh_doall()\fR to deallocate any +remaining entries in the hash table. +.PP +\&\fIlh_insert()\fR inserts the structure pointed to by \fBdata\fR into \fBtable\fR. +If there already is an entry with the same key, the old value is +replaced. Note that \fIlh_insert()\fR stores pointers, the data are not +copied. +.PP +\&\fIlh_delete()\fR deletes an entry from \fBtable\fR. +.PP +\&\fIlh_retrieve()\fR looks up an entry in \fBtable\fR. Normally, \fBdata\fR is +a structure with the key \fIfield\fR\|(s) set; the function will return a +pointer to a fully populated structure. +.PP +\&\fIlh_doall()\fR will, for every entry in the hash table, call \fBfunc\fR with +the data item as parameters. +This function can be quite useful when used as follows: + void cleanup(\s-1STUFF\s0 *a) + { \fISTUFF_free\fR\|(a); } + lh_doall(hash,cleanup); + lh_free(hash); +This can be used to free all the entries. \fIlh_free()\fR then cleans up the +\&'buckets' that point to nothing. When doing this, be careful if you +delete entries from the hash table in \fBfunc\fR: the table may decrease +in size, moving item that you are currently on down lower in the hash +table. This could cause some entries to be skipped. The best +solution to this problem is to set hash->down_load=0 before you +start. This will stop the hash table ever being decreased in size. +.PP +\&\fIlh_doall_arg()\fR is the same as \fIlh_doall()\fR except that \fBfunc\fR will +be called with \fBarg\fR as the second argument. +.PP +\&\fIlh_error()\fR can be used to determine if an error occurred in the last +operation. \fIlh_error()\fR is a macro. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIlh_new()\fR returns \fB\s-1NULL\s0\fR on error, otherwise a pointer to the new +\&\fB\s-1LHASH\s0\fR structure. +.PP +When a hash table entry is replaced, \fIlh_insert()\fR returns the value +being replaced. \fB\s-1NULL\s0\fR is returned on normal operation and on error. +.PP +\&\fIlh_delete()\fR returns the entry being deleted. \fB\s-1NULL\s0\fR is returned if +there is no such value in the hash table. +.PP +\&\fIlh_retrieve()\fR returns the hash table entry if it has been found, +\&\fB\s-1NULL\s0\fR otherwise. +.PP +\&\fIlh_error()\fR returns 1 if an error occurred in the last operation, 0 +otherwise. +.PP +\&\fIlh_free()\fR, \fIlh_doall()\fR and \fIlh_doall_arg()\fR return no values. +.SH "BUGS" +.IX Header "BUGS" +\&\fIlh_insert()\fR returns \fB\s-1NULL\s0\fR both for success and error. +.SH "INTERNALS" +.IX Header "INTERNALS" +The following description is based on the SSLeay documentation: +.PP +The \fBlhash\fR library implements a hash table described in the +\&\fICommunications of the \s-1ACM\s0\fR in 1991. What makes this hash table +different is that as the table fills, the hash table is increased (or +decreased) in size via \fIOPENSSL_realloc()\fR. When a 'resize' is done, instead of +all hashes being redistributed over twice as many 'buckets', one +bucket is split. So when an 'expand' is done, there is only a minimal +cost to redistribute some values. Subsequent inserts will cause more +single 'bucket' redistributions but there will never be a sudden large +cost due to redistributing all the 'buckets'. +.PP +The state for a particular hash table is kept in the \fB\s-1LHASH\s0\fR structure. +The decision to increase or decrease the hash table size is made +depending on the 'load' of the hash table. The load is the number of +items in the hash table divided by the size of the hash table. The +default values are as follows. If (hash->up_load < load) => +expand. if (hash->down_load > load) => contract. The +\&\fBup_load\fR has a default value of 1 and \fBdown_load\fR has a default value +of 2. These numbers can be modified by the application by just +playing with the \fBup_load\fR and \fBdown_load\fR variables. The 'load' is +kept in a form which is multiplied by 256. So +hash->up_load=8*256; will cause a load of 8 to be set. +.PP +If you are interested in performance the field to watch is +num_comp_calls. The hash library keeps track of the 'hash' value for +each item so when a lookup is done, the 'hashes' are compared, if +there is a match, then a full compare is done, and +hash->num_comp_calls is incremented. If num_comp_calls is not equal +to num_delete plus num_retrieve it means that your hash function is +generating hashes that are the same for different values. It is +probably worth changing your hash function if this is the case because +even if your hash table has 10 items in a 'bucket', it can be searched +with 10 \fBunsigned long\fR compares and 10 linked list traverses. This +will be much less expensive that 10 calls to you compare function. +.PP +\&\fIlh_strhash()\fR is a demo string hashing function: +.PP +.Vb 1 +\& unsigned long lh_strhash(const char *c); +.Ve +Since the \fB\s-1LHASH\s0\fR routines would normally be passed structures, this +routine would not normally be passed to \fIlh_new()\fR, rather it would be +used in the function passed to \fIlh_new()\fR. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +lh_stats(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fBlhash\fR library is available in all versions of SSLeay and OpenSSL. +\&\fIlh_error()\fR was added in SSLeay 0.9.1b. +.PP +This manpage is derived from the SSLeay documentation. diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3 new file mode 100644 index 0000000..d759e64 --- /dev/null +++ b/secure/lib/libcrypto/man/md5.3 @@ -0,0 +1,239 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:29 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "MD5 1" +.TH MD5 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +\&\s-1MD2\s0, \s-1MD4\s0, \s-1MD5\s0, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update, +MD4_Final, MD5_Init, MD5_Update, MD5_Final \- \s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 hash functions +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/md2.h> +.Ve +.Vb 2 +\& unsigned char *MD2(const unsigned char *d, unsigned long n, +\& unsigned char *md); +.Ve +.Vb 4 +\& void MD2_Init(MD2_CTX *c); +\& void MD2_Update(MD2_CTX *c, const unsigned char *data, +\& unsigned long len); +\& void MD2_Final(unsigned char *md, MD2_CTX *c); +.Ve +.Vb 1 +\& #include <openssl/md4.h> +.Ve +.Vb 2 +\& unsigned char *MD4(const unsigned char *d, unsigned long n, +\& unsigned char *md); +.Ve +.Vb 4 +\& void MD4_Init(MD4_CTX *c); +\& void MD4_Update(MD4_CTX *c, const void *data, +\& unsigned long len); +\& void MD4_Final(unsigned char *md, MD4_CTX *c); +.Ve +.Vb 1 +\& #include <openssl/md5.h> +.Ve +.Vb 2 +\& unsigned char *MD5(const unsigned char *d, unsigned long n, +\& unsigned char *md); +.Ve +.Vb 4 +\& void MD5_Init(MD5_CTX *c); +\& void MD5_Update(MD5_CTX *c, const void *data, +\& unsigned long len); +\& void MD5_Final(unsigned char *md, MD5_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are cryptographic hash functions with a 128 bit output. +.PP +\&\fIMD2()\fR, \fIMD4()\fR, and \fIMD5()\fR compute the \s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 message digest +of the \fBn\fR bytes at \fBd\fR and place it in \fBmd\fR (which must have space +for \s-1MD2_DIGEST_LENGTH\s0 == \s-1MD4_DIGEST_LENGTH\s0 == \s-1MD5_DIGEST_LENGTH\s0 == 16 +bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest is placed in a static +array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fIMD2_Init()\fR initializes a \fB\s-1MD2_CTX\s0\fR structure. +.PP +\&\fIMD2_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fIMD2_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1MD2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MD2_CTX\s0\fR. +.PP +\&\fIMD4_Init()\fR, \fIMD4_Update()\fR, \fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and +\&\fIMD5_Final()\fR are analogous using an \fB\s-1MD4_CTX\s0\fR and \fB\s-1MD5_CTX\s0\fR structure. +.PP +Applications should use the higher level functions +EVP_DigestInit(3) +etc. instead of calling the hash functions directly. +.SH "NOTE" +.IX Header "NOTE" +\&\s-1MD2\s0, \s-1MD4\s0, and \s-1MD5\s0 are recommended only for compatibility with existing +applications. In new applications, \s-1SHA-1\s0 or \s-1RIPEMD-160\s0 should be +preferred. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIMD2()\fR, \fIMD4()\fR, and \fIMD5()\fR return pointers to the hash value. +.PP +\&\fIMD2_Init()\fR, \fIMD2_Update()\fR, \fIMD2_Final()\fR, \fIMD4_Init()\fR, \fIMD4_Update()\fR, +\&\fIMD4_Final()\fR, \fIMD5_Init()\fR, \fIMD5_Update()\fR, and \fIMD5_Final()\fR do not return +values. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1RFC\s0 1319, \s-1RFC\s0 1320, \s-1RFC\s0 1321 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +sha(3), ripemd(3), EVP_DigestInit(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIMD2()\fR, \fIMD2_Init()\fR, \fIMD2_Update()\fR \fIMD2_Final()\fR, \fIMD5()\fR, \fIMD5_Init()\fR, +\&\fIMD5_Update()\fR and \fIMD5_Final()\fR are available in all versions of SSLeay +and OpenSSL. +.PP +\&\fIMD4()\fR, \fIMD4_Init()\fR, and \fIMD4_Update()\fR are available in OpenSSL 0.9.6 and +above. diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3 new file mode 100644 index 0000000..f3a0078 --- /dev/null +++ b/secure/lib/libcrypto/man/mdc2.3 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:32 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "MDC2 1" +.TH MDC2 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +\&\s-1MDC2\s0, MDC2_Init, MDC2_Update, MDC2_Final \- \s-1MDC2\s0 hash function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/mdc2.h> +.Ve +.Vb 2 +\& unsigned char *MDC2(const unsigned char *d, unsigned long n, +\& unsigned char *md); +.Ve +.Vb 4 +\& void MDC2_Init(MDC2_CTX *c); +\& void MDC2_Update(MDC2_CTX *c, const unsigned char *data, +\& unsigned long len); +\& void MDC2_Final(unsigned char *md, MDC2_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1MDC2\s0 is a method to construct hash functions with 128 bit output from +block ciphers. These functions are an implementation of \s-1MDC2\s0 with +\&\s-1DES\s0. +.PP +\&\fIMDC2()\fR computes the \s-1MDC2\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest +is placed in a static array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fIMDC2_Init()\fR initializes a \fB\s-1MDC2_CTX\s0\fR structure. +.PP +\&\fIMDC2_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fIMDC2_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1MDC2_DIGEST_LENGTH\s0 == 16 bytes of output, and erases the \fB\s-1MDC2_CTX\s0\fR. +.PP +Applications should use the higher level functions +EVP_DigestInit(3) etc. instead of calling the +hash functions directly. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIMDC2()\fR returns a pointer to the hash value. +.PP +\&\fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR do not return values. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC\s0 10118\-2, with \s-1DES\s0 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +sha(3), EVP_DigestInit(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIMDC2()\fR, \fIMDC2_Init()\fR, \fIMDC2_Update()\fR and \fIMDC2_Final()\fR are available since +SSLeay 0.8. diff --git a/secure/lib/libcrypto/man/nseq.1 b/secure/lib/libcrypto/man/nseq.1 new file mode 100644 index 0000000..3ff5cf9 --- /dev/null +++ b/secure/lib/libcrypto/man/nseq.1 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:26 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "NSEQ 1" +.TH NSEQ 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +nseq \- create or examine a netscape certificate sequence +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBnseq\fR +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-toseq\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBnseq\fR command takes a file containing a Netscape certificate +sequence and prints out the certificates contained in it or takes a +file of certificates and converts it into a Netscape certificate +sequence. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read or standard input if this +option is not specified. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +specifies the output filename or standard output by default. +.Ip "\fB\-toseq\fR" 4 +.IX Item "-toseq" +normally a Netscape certificate sequence will be input and the output +is the certificates contained in it. With the \fB\-toseq\fR option the +situation is reversed: a Netscape certificate sequence is created from +a file of certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Output the certificates in a Netscape certificate sequence +.PP +.Vb 1 +\& openssl nseq -in nseq.pem -out certs.pem +.Ve +Create a Netscape certificate sequence +.PP +.Vb 1 +\& openssl nseq -in certs.pem -toseq -out nseq.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The \fB\s-1PEM\s0\fR encoded form uses the same headers and footers as a certificate: +.PP +.Vb 2 +\& -----BEGIN CERTIFICATE----- +\& -----END CERTIFICATE----- +.Ve +A Netscape certificate sequence is a Netscape specific form that can be sent +to browsers as an alternative to the standard PKCS#7 format when several +certificates are sent to the browser: for example during certificate enrollment. +It is used by Netscape certificate server for example. +.SH "BUGS" +.IX Header "BUGS" +This program needs a few more options: like allowing \s-1DER\s0 or \s-1PEM\s0 input and +output files and allowing multiple certificate files to be used. diff --git a/secure/lib/libcrypto/man/openssl.1 b/secure/lib/libcrypto/man/openssl.1 new file mode 100644 index 0000000..f2e13a3 --- /dev/null +++ b/secure/lib/libcrypto/man/openssl.1 @@ -0,0 +1,404 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:29 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "OPENSSL 1" +.TH OPENSSL 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +openssl \- OpenSSL command line tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR +\&\fIcommand\fR +[ \fIcommand_opts\fR ] +[ \fIcommand_args\fR ] +.PP +\&\fBopenssl\fR [ \fBlist-standard-commands\fR | \fBlist-message-digest-commands\fR | \fBlist-cipher-commands\fR ] +.PP +\&\fBopenssl\fR \fBno-\fR\fI\s-1XXX\s0\fR [ \fIarbitrary options\fR ] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (\s-1SSL\s0 +v2/v3) and Transport Layer Security (\s-1TLS\s0 v1) network protocols and related +cryptography standards required by them. +.PP +The \fBopenssl\fR program is a command line tool for using the various +cryptography functions of OpenSSL's \fBcrypto\fR library from the shell. +It can be used for +.PP +.Vb 6 +\& o Creation of RSA, DH and DSA key parameters +\& o Creation of X.509 certificates, CSRs and CRLs +\& o Calculation of Message Digests +\& o Encryption and Decryption with Ciphers +\& o SSL/TLS Client and Server Tests +\& o Handling of S/MIME signed or encrypted mail +.Ve +.SH "COMMAND SUMMARY" +.IX Header "COMMAND SUMMARY" +The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in the +\&\s-1SYNOPSIS\s0 above), each of which often has a wealth of options and arguments +(\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0). +.PP +The pseudo-commands \fBlist-standard-commands\fR, \fBlist-message-digest-commands\fR, +and \fBlist-cipher-commands\fR output a list (one entry per line) of the names +of all standard commands, message digest commands, or cipher commands, +respectively, that are available in the present \fBopenssl\fR utility. +.PP +The pseudo-command \fBno-\fR\fI\s-1XXX\s0\fR tests whether a command of the +specified name is available. If no command named \fI\s-1XXX\s0\fR exists, it +returns 0 (success) and prints \fBno-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1 +and prints \fI\s-1XXX\s0\fR. In both cases, the output goes to \fBstdout\fR and +nothing is printed to \fBstderr\fR. Additional command line arguments +are always ignored. Since for each cipher there is a command of the +same name, this provides an easy way for shell scripts to test for the +availability of ciphers in the \fBopenssl\fR program. (\fBno-\fR\fI\s-1XXX\s0\fR is +not able to detect pseudo-commands such as \fBquit\fR, +\&\fBlist-\fR\fI...\fR\fB\-commands\fR, or \fBno-\fR\fI\s-1XXX\s0\fR itself.) +.Sh "\s-1STANDARD\s0 \s-1COMMANDS\s0" +.IX Subsection "STANDARD COMMANDS" +.Ip "\fBasn1parse\fR" 10 +.IX Item "asn1parse" +Parse an \s-1ASN\s0.1 sequence. +.Ip "\fBca\fR" 10 +.IX Item "ca" +Certificate Authority (\s-1CA\s0) Management. +.Ip "\fBciphers\fR" 10 +.IX Item "ciphers" +Cipher Suite Description Determination. +.Ip "\fBcrl\fR" 10 +.IX Item "crl" +Certificate Revocation List (\s-1CRL\s0) Management. +.Ip "\fBcrl2pkcs7\fR" 10 +.IX Item "crl2pkcs7" +\&\s-1CRL\s0 to PKCS#7 Conversion. +.Ip "\fBdgst\fR" 10 +.IX Item "dgst" +Message Digest Calculation. +.Ip "\fBdh\fR" 10 +.IX Item "dh" +Diffie-Hellman Parameter Management. +Obsoleted by \fBdhparam\fR. +.Ip "\fBdsa\fR" 10 +.IX Item "dsa" +\&\s-1DSA\s0 Data Management. +.Ip "\fBdsaparam\fR" 10 +.IX Item "dsaparam" +\&\s-1DSA\s0 Parameter Generation. +.Ip "\fBenc\fR" 10 +.IX Item "enc" +Encoding with Ciphers. +.Ip "\fBerrstr\fR" 10 +.IX Item "errstr" +Error Number to Error String Conversion. +.Ip "\fBdhparam\fR" 10 +.IX Item "dhparam" +Generation and Management of Diffie-Hellman Parameters. +.Ip "\fBgendh\fR" 10 +.IX Item "gendh" +Generation of Diffie-Hellman Parameters. +Obsoleted by \fBdhparam\fR. +.Ip "\fBgendsa\fR" 10 +.IX Item "gendsa" +Generation of \s-1DSA\s0 Parameters. +.Ip "\fBgenrsa\fR" 10 +.IX Item "genrsa" +Generation of \s-1RSA\s0 Parameters. +.Ip "\fBpasswd\fR" 10 +.IX Item "passwd" +Generation of hashed passwords. +.Ip "\fBpkcs12\fR" 10 +.IX Item "pkcs12" +PKCS#12 Data Management. +.Ip "\fBpkcs7\fR" 10 +.IX Item "pkcs7" +PKCS#7 Data Management. +.Ip "\fBrand\fR" 10 +.IX Item "rand" +Generate pseudo-random bytes. +.Ip "\fBreq\fR" 10 +.IX Item "req" +X.509 Certificate Signing Request (\s-1CSR\s0) Management. +.Ip "\fBrsa\fR" 10 +.IX Item "rsa" +\&\s-1RSA\s0 Data Management. +.Ip "\fBrsautl\fR" 10 +.IX Item "rsautl" +\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption. +.Ip "\fBs_client\fR" 10 +.IX Item "s_client" +This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent +connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing +purposes only and provides only rudimentary interface functionality but +internally uses mostly all functionality of the OpenSSL \fBssl\fR library. +.Ip "\fBs_server\fR" 10 +.IX Item "s_server" +This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote +clients speaking \s-1SSL/TLS\s0. It's intended for testing purposes only and provides +only rudimentary interface functionality but internally uses mostly all +functionality of the OpenSSL \fBssl\fR library. It provides both an own command +line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response +facility to emulate an SSL/TLS-aware webserver. +.Ip "\fBs_time\fR" 10 +.IX Item "s_time" +\&\s-1SSL\s0 Connection Timer. +.Ip "\fBsess_id\fR" 10 +.IX Item "sess_id" +\&\s-1SSL\s0 Session Data Management. +.Ip "\fBsmime\fR" 10 +.IX Item "smime" +S/MIME mail processing. +.Ip "\fBspeed\fR" 10 +.IX Item "speed" +Algorithm Speed Measurement. +.Ip "\fBverify\fR" 10 +.IX Item "verify" +X.509 Certificate Verification. +.Ip "\fBversion\fR" 10 +.IX Item "version" +OpenSSL Version Information. +.Ip "\fBx509\fR" 10 +.IX Item "x509" +X.509 Certificate Data Management. +.Sh "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0" +.IX Subsection "MESSAGE DIGEST COMMANDS" +.Ip "\fBmd2\fR" 10 +.IX Item "md2" +\&\s-1MD2\s0 Digest +.Ip "\fBmd5\fR" 10 +.IX Item "md5" +\&\s-1MD5\s0 Digest +.Ip "\fBmdc2\fR" 10 +.IX Item "mdc2" +\&\s-1MDC2\s0 Digest +.Ip "\fBrmd160\fR" 10 +.IX Item "rmd160" +\&\s-1RMD-160\s0 Digest +.Ip "\fBsha\fR" 10 +.IX Item "sha" +\&\s-1SHA\s0 Digest +.Ip "\fBsha1\fR" 10 +.IX Item "sha1" +\&\s-1SHA-1\s0 Digest +.Sh "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0" +.IX Subsection "ENCODING AND CIPHER COMMANDS" +.Ip "\fBbase64\fR" 10 +.IX Item "base64" +Base64 Encoding +.Ip "\fBbf bf-cbc bf-cfb bf-ecb bf-ofb\fR" 10 +.IX Item "bf bf-cbc bf-cfb bf-ecb bf-ofb" +Blowfish Cipher +.Ip "\fBcast cast-cbc\fR" 10 +.IX Item "cast cast-cbc" +\&\s-1CAST\s0 Cipher +.Ip "\fBcast5\-cbc cast5\-cfb cast5\-ecb cast5\-ofb\fR" 10 +.IX Item "cast5-cbc cast5-cfb cast5-ecb cast5-ofb" +\&\s-1CAST5\s0 Cipher +.Ip "\fBdes des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb\fR" 10 +.IX Item "des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb" +\&\s-1DES\s0 Cipher +.Ip "\fBdes3 desx des-ede3 des-ede3\-cbc des-ede3\-cfb des-ede3\-ofb\fR" 10 +.IX Item "des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb" +Triple-DES Cipher +.Ip "\fBidea idea-cbc idea-cfb idea-ecb idea-ofb\fR" 10 +.IX Item "idea idea-cbc idea-cfb idea-ecb idea-ofb" +\&\s-1IDEA\s0 Cipher +.Ip "\fBrc2 rc2\-cbc rc2\-cfb rc2\-ecb rc2\-ofb\fR" 10 +.IX Item "rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb" +\&\s-1RC2\s0 Cipher +.Ip "\fBrc4\fR" 10 +.IX Item "rc4" +\&\s-1RC4\s0 Cipher +.Ip "\fBrc5 rc5\-cbc rc5\-cfb rc5\-ecb rc5\-ofb\fR" 10 +.IX Item "rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb" +\&\s-1RC5\s0 Cipher +.SH "PASS PHRASE ARGUMENTS" +.IX Header "PASS PHRASE ARGUMENTS" +Several commands accept password arguments, typically using \fB\-passin\fR +and \fB\-passout\fR for input and output passwords respectively. These allow +the password to be obtained from a variety of sources. Both of these +options take a single argument whose format is described below. If no +password argument is given and a password is required then the user is +prompted to enter one: this will typically be read from the current +terminal with echoing turned off. +.Ip "\fBpass:password\fR" 10 +.IX Item "pass:password" +the actual password is \fBpassword\fR. Since the password is visible +to utilities (like 'ps' under Unix) this form should only be used +where security is not important. +.Ip "\fBenv:var\fR" 10 +.IX Item "env:var" +obtain the password from the environment variable \fBvar\fR. Since +the environment of other processes is visible on certain platforms +(e.g. ps under certain Unix OSes) this option should be used with caution. +.Ip "\fBfile:pathname\fR" 10 +.IX Item "file:pathname" +the first line of \fBpathname\fR is the password. If the same \fBpathname\fR +argument is supplied to \fB\-passin\fR and \fB\-passout\fR arguments then the first +line will be used for the input password and the next line for the output +password. \fBpathname\fR need not refer to a regular file: it could for example +refer to a device or named pipe. +.Ip "\fBfd:number\fR" 10 +.IX Item "fd:number" +read the password from the file descriptor \fBnumber\fR. This can be used to +send the data via a pipe for example. +.Ip "\fBstdin\fR" 10 +.IX Item "stdin" +read the password from standard input. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +asn1parse(1), ca(1), config(5), +crl(1), crl2pkcs7(1), dgst(1), +dhparam(1), dsa(1), dsaparam(1), +enc(1), gendsa(1), +genrsa(1), nseq(1), openssl(1), +passwd(1), +pkcs12(1), pkcs7(1), pkcs8(1), +rand(1), req(1), rsa(1), +rsautl(1), s_client(1), +s_server(1), smime(1), spkac(1), +verify(1), version(1), x509(1), +crypto(3), ssl(3) +.SH "HISTORY" +.IX Header "HISTORY" +The \fIopenssl\fR\|(1) document appeared in OpenSSL 0.9.2. +The \fBlist-\fR\fI\s-1XXX\s0\fR\fB\-commands\fR pseudo-commands were added in OpenSSL 0.9.3; +the \fBno-\fR\fI\s-1XXX\s0\fR pseudo-commands were added in OpenSSL 0.9.5a. +For notes on the availability of other commands, see their individual +manual pages. diff --git a/secure/lib/libcrypto/man/passwd.1 b/secure/lib/libcrypto/man/passwd.1 new file mode 100644 index 0000000..422e944 --- /dev/null +++ b/secure/lib/libcrypto/man/passwd.1 @@ -0,0 +1,198 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:32 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PASSWD 1" +.TH PASSWD 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +passwd \- compute password hashes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl passwd\fR +[\fB\-crypt\fR] +[\fB\-1\fR] +[\fB\-apr1\fR] +[\fB\-salt\fR \fIstring\fR] +[\fB\-in\fR \fIfile\fR] +[\fB\-stdin\fR] +[\fB\-quiet\fR] +[\fB\-table\fR] +{\fIpassword\fR} +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpasswd\fR command computes the hash of a password typed at +run-time or the hash of each password in a list. The password list is +taken from the named file for option \fB\-in file\fR, from stdin for +option \fB\-stdin\fR, and from the command line otherwise. +The Unix standard algorithm \fBcrypt\fR and the MD5\-based \s-1BSD\s0 password +algorithm \fB1\fR and its Apache variant \fBapr1\fR are available. +.SH "OPTIONS" +.IX Header "OPTIONS" +.Ip "\fB\-crypt\fR" 4 +.IX Item "-crypt" +Use the \fBcrypt\fR algorithm (default). +.Ip "\fB\-1\fR" 4 +.IX Item "-1" +Use the \s-1MD5\s0 based \s-1BSD\s0 password algorithm \fB1\fR. +.Ip "\fB\-apr1\fR" 4 +.IX Item "-apr1" +Use the \fBapr1\fR algorithm (Apache variant of the \s-1BSD\s0 algorithm). +.Ip "\fB\-salt\fR \fIstring\fR" 4 +.IX Item "-salt string" +Use the specified salt. +.Ip "\fB\-in\fR \fIfile\fR" 4 +.IX Item "-in file" +Read passwords from \fIfile\fR. +.Ip "\fB\-stdin\fR" 4 +.IX Item "-stdin" +Read passwords from \fBstdin\fR. +.Ip "\fB\-quiet\fR" 4 +.IX Item "-quiet" +Don't output warnings when passwords given at the command line are truncated. +.Ip "\fB\-table\fR" 4 +.IX Item "-table" +In the output list, prepend the cleartext password and a \s-1TAB\s0 character +to each password hash. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +\&\fBopenssl passwd \-crypt \-salt xx password\fR prints \fBxxj31ZMTZzkVA\fR. +.PP +\&\fBopenssl passwd \-1 \-salt xxxxxxxx password\fR prints \fB$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1\fR. +.PP +\&\fBopenssl passwd \-apr1 \-salt xxxxxxxx password\fR prints \fB$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0\fR. diff --git a/secure/lib/libcrypto/man/pkcs12.1 b/secure/lib/libcrypto/man/pkcs12.1 new file mode 100644 index 0000000..4790ee7 --- /dev/null +++ b/secure/lib/libcrypto/man/pkcs12.1 @@ -0,0 +1,429 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:35 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS12 1" +.TH PKCS12 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +pkcs12 \- PKCS#12 file utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs12\fR +[\fB\-export\fR] +[\fB\-chain\fR] +[\fB\-inkey filename\fR] +[\fB\-certfile filename\fR] +[\fB\-name name\fR] +[\fB\-caname name\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-noout\fR] +[\fB\-nomacver\fR] +[\fB\-nocerts\fR] +[\fB\-clcerts\fR] +[\fB\-cacerts\fR] +[\fB\-nokeys\fR] +[\fB\-info\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-nodes\fR] +[\fB\-noiter\fR] +[\fB\-maciter\fR] +[\fB\-twopass\fR] +[\fB\-descert\fR] +[\fB\-certpbe\fR] +[\fB\-keypbe\fR] +[\fB\-keyex\fR] +[\fB\-keysig\fR] +[\fB\-password arg\fR] +[\fB\-passin arg\fR] +[\fB\-passout arg\fR] +[\fB\-rand \f(BIfile\fB\|(s)\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkcs12\fR command allows PKCS#12 files (sometimes referred to as +\&\s-1PFX\s0 files) to be created and parsed. PKCS#12 files are used by several +programs including Netscape, \s-1MSIE\s0 and \s-1MS\s0 Outlook. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +There are a lot of options the meaning of some depends of whether a PKCS#12 file +is being created or parsed. By default a PKCS#12 file is parsed a PKCS#12 +file can be created by using the \fB\-export\fR option (see below). +.SH "PARSING OPTIONS" +.IX Header "PARSING OPTIONS" +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies filename of the PKCS#12 file to be parsed. Standard input is used +by default. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +The filename to write certificates and private keys to, standard output by default. +They are all written in \s-1PEM\s0 format. +.Ip "\fB\-pass arg\fR, \fB\-passin arg\fR" 4 +.IX Item "-pass arg, -passin arg" +the PKCS#12 file (i.e. input file) password source. For more information about the +format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in +openssl(1). +.Ip "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +pass phrase source to encrypt any outputed private keys with. For more information +about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in +openssl(1). +.Ip "\fB\-noout\fR" 4 +.IX Item "-noout" +this option inhibits output of the keys and certificates to the output file version +of the PKCS#12 file. +.Ip "\fB\-clcerts\fR" 4 +.IX Item "-clcerts" +only output client certificates (not \s-1CA\s0 certificates). +.Ip "\fB\-cacerts\fR" 4 +.IX Item "-cacerts" +only output \s-1CA\s0 certificates (not client certificates). +.Ip "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +no certificates at all will be output. +.Ip "\fB\-nokeys\fR" 4 +.IX Item "-nokeys" +no private keys will be output. +.Ip "\fB\-info\fR" 4 +.IX Item "-info" +output additional information about the PKCS#12 file structure, algorithms used and +iteration counts. +.Ip "\fB\-des\fR" 4 +.IX Item "-des" +use \s-1DES\s0 to encrypt private keys before outputting. +.Ip "\fB\-des3\fR" 4 +.IX Item "-des3" +use triple \s-1DES\s0 to encrypt private keys before outputting, this is the default. +.Ip "\fB\-idea\fR" 4 +.IX Item "-idea" +use \s-1IDEA\s0 to encrypt private keys before outputting. +.Ip "\fB\-nodes\fR" 4 +.IX Item "-nodes" +don't encrypt the private keys at all. +.Ip "\fB\-nomacver\fR" 4 +.IX Item "-nomacver" +don't attempt to verify the integrity \s-1MAC\s0 before reading the file. +.Ip "\fB\-twopass\fR" 4 +.IX Item "-twopass" +prompt for separate integrity and encryption passwords: most software +always assumes these are the same so this option will render such +PKCS#12 files unreadable. +.SH "FILE CREATION OPTIONS" +.IX Header "FILE CREATION OPTIONS" +.Ip "\fB\-export\fR" 4 +.IX Item "-export" +This option specifies that a PKCS#12 file will be created rather than +parsed. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies filename to write the PKCS#12 file to. Standard output is used +by default. +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +The filename to read certificates and private keys from, standard input by default. +They must all be in \s-1PEM\s0 format. The order doesn't matter but one private key and +its corresponding certificate should be present. If additional certificates are +present they will also be included in the PKCS#12 file. +.Ip "\fB\-inkey filename\fR" 4 +.IX Item "-inkey filename" +file to read private key from. If not present then a private key must be present +in the input file. +.Ip "\fB\-name friendlyname\fR" 4 +.IX Item "-name friendlyname" +This specifies the \*(L"friendly name\*(R" for the certificate and private key. This name +is typically displayed in list boxes by software importing the file. +.Ip "\fB\-certfile filename\fR" 4 +.IX Item "-certfile filename" +A filename to read additional certificates from. +.Ip "\fB\-caname friendlyname\fR" 4 +.IX Item "-caname friendlyname" +This specifies the \*(L"friendly name\*(R" for other certificates. This option may be +used multiple times to specify names for all certificates in the order they +appear. Netscape ignores friendly names on other certificates whereas \s-1MSIE\s0 +displays them. +.Ip "\fB\-pass arg\fR, \fB\-passout arg\fR" 4 +.IX Item "-pass arg, -passout arg" +the PKCS#12 file (i.e. output file) password source. For more information about +the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in +openssl(1). +.Ip "\fB\-passin password\fR" 4 +.IX Item "-passin password" +pass phrase source to decrypt any input private keys with. For more information +about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in +openssl(1). +.Ip "\fB\-chain\fR" 4 +.IX Item "-chain" +if this option is present then an attempt is made to include the entire +certificate chain of the user certificate. The standard \s-1CA\s0 store is used +for this search. If the search fails it is considered a fatal error. +.Ip "\fB\-descert\fR" 4 +.IX Item "-descert" +encrypt the certificate using triple \s-1DES\s0, this may render the PKCS#12 +file unreadable by some \*(L"export grade\*(R" software. By default the private +key is encrypted using triple \s-1DES\s0 and the certificate using 40 bit \s-1RC2\s0. +.Ip "\fB\-keypbe alg\fR, \fB\-certpbe alg\fR" 4 +.IX Item "-keypbe alg, -certpbe alg" +these options allow the algorithm used to encrypt the private key and +certificates to be selected. Although any PKCS#5 v1.5 or PKCS#12 algorithms +can be selected it is advisable only to use PKCS#12 algorithms. See the list +in the \fB\s-1NOTES\s0\fR section for more information. +.Ip "\fB\-keyex|\-keysig\fR" 4 +.IX Item "-keyex|-keysig" +specifies that the private key is to be used for key exchange or just signing. +This option is only interpreted by \s-1MSIE\s0 and similar \s-1MS\s0 software. Normally +\&\*(L"export grade\*(R" software will only allow 512 bit \s-1RSA\s0 keys to be used for +encryption purposes but arbitrary length keys for signing. The \fB\-keysig\fR +option marks the key for signing only. Signing only keys can be used for +S/MIME signing, authenticode (ActiveX control signing) and \s-1SSL\s0 client +authentication, however due to a bug only \s-1MSIE\s0 5.0 and later support +the use of signing only keys for \s-1SSL\s0 client authentication. +.Ip "\fB\-nomaciter\fR, \fB\-noiter\fR" 4 +.IX Item "-nomaciter, -noiter" +these options affect the iteration counts on the \s-1MAC\s0 and key algorithms. +Unless you wish to produce files compatible with \s-1MSIE\s0 4.0 you should leave +these options alone. +.Sp +To discourage attacks by using large dictionaries of common passwords the +algorithm that derives keys from passwords can have an iteration count applied +to it: this causes a certain part of the algorithm to be repeated and slows it +down. The \s-1MAC\s0 is used to check the file integrity but since it will normally +have the same password as the keys and certificates it could also be attacked. +By default both \s-1MAC\s0 and encryption iteration counts are set to 2048, using +these options the \s-1MAC\s0 and encryption iteration counts can be set to 1, since +this reduces the file security you should not use these options unless you +really have to. Most software supports both \s-1MAC\s0 and key iteration counts. +\&\s-1MSIE\s0 4.0 doesn't support \s-1MAC\s0 iteration counts so it needs the \fB\-nomaciter\fR +option. +.Ip "\fB\-maciter\fR" 4 +.IX Item "-maciter" +This option is included for compatibility with previous versions, it used +to be needed to use \s-1MAC\s0 iterations counts but they are now used by default. +.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 +.IX Item "-rand file" +a file or files containing random data used to seed the random number +generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). +Multiple files can be specified separated by a OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.SH "NOTES" +.IX Header "NOTES" +Although there are a large number of options most of them are very rarely +used. For PKCS#12 file parsing only \fB\-in\fR and \fB\-out\fR need to be used +for PKCS#12 file creation \fB\-export\fR and \fB\-name\fR are also used. +.PP +If none of the \fB\-clcerts\fR, \fB\-cacerts\fR or \fB\-nocerts\fR options are present +then all certificates will be output in the order they appear in the input +PKCS#12 files. There is no guarantee that the first certificate present is +the one corresponding to the private key. Certain software which requires +a private key and certificate and assumes the first certificate in the +file is the one corresponding to the private key: this may not always +be the case. Using the \fB\-clcerts\fR option will solve this problem by only +outputing the certificate corresponding to the private key. If the \s-1CA\s0 +certificates are required then they can be output to a separate file using +the \fB\-nokeys \-cacerts\fR options to just output \s-1CA\s0 certificates. +.PP +The \fB\-keypbe\fR and \fB\-certpbe\fR algorithms allow the precise encryption +algorithms for private keys and certificates to be specified. Normally +the defaults are fine but occasionally software can't handle triple \s-1DES\s0 +encrypted private keys, then the option \fB\-keypbe \s-1PBE-SHA1\-RC2\-40\s0\fR can +be used to reduce the private key encryption to 40 bit \s-1RC2\s0. A complete +description of all algorithms is contained in the \fBpkcs8\fR manual page. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Parse a PKCS#12 file and output it to a file: +.PP +.Vb 1 +\& openssl pkcs12 -in file.p12 -out file.pem +.Ve +Output only client certificates to a file: +.PP +.Vb 1 +\& openssl pkcs12 -in file.p12 -clcerts -out file.pem +.Ve +Don't encrypt the private key: +.PP +.Vb 1 +\& openssl pkcs12 -in file.p12 -out file.pem -nodes +.Ve +Print some info about a PKCS#12 file: +.PP +.Vb 1 +\& openssl pkcs12 -in file.p12 -info -noout +.Ve +Create a PKCS#12 file: +.PP +.Vb 1 +\& openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" +.Ve +Include some extra certificates: +.PP +.Vb 2 +\& openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \e +\& -certfile othercerts.pem +.Ve +.SH "BUGS" +.IX Header "BUGS" +Some would argue that the PKCS#12 standard is one big bug :\-) +.PP +Versions of OpenSSL before 0.9.6a had a bug in the PKCS#12 key generation +routines. Under rare circumstances this could produce a PKCS#12 file encrypted +with an invalid key. As a result some PKCS#12 files which triggered this bug +from other implementations (\s-1MSIE\s0 or Netscape) could not be decrypted +by OpenSSL and similarly OpenSSL could produce PKCS#12 files which could +not be decrypted by other implementations. The chances of producing such +a file are relatively small: less than 1 in 256. +.PP +A side effect of fixing this bug is that any old invalidly encrypted PKCS#12 +files cannot no longer be parsed by the fixed version. Under such circumstances +the \fBpkcs12\fR utility will report that the \s-1MAC\s0 is \s-1OK\s0 but fail with a decryption +error when extracting private keys. +.PP +This problem can be resolved by extracting the private keys and certificates +from the PKCS#12 file using an older version of OpenSSL and recreating the PKCS#12 +file from the keys and certificates using a newer version of OpenSSL. For example: +.PP +.Vb 2 +\& old-openssl -in bad.p12 -out keycerts.pem +\& openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12 +.Ve +.SH "SEE ALSO" +.IX Header "SEE ALSO" +pkcs8(1) diff --git a/secure/lib/libcrypto/man/pkcs7.1 b/secure/lib/libcrypto/man/pkcs7.1 new file mode 100644 index 0000000..9a0c820 --- /dev/null +++ b/secure/lib/libcrypto/man/pkcs7.1 @@ -0,0 +1,223 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:38 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS7 1" +.TH PKCS7 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +pkcs7 \- PKCS#7 utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs7\fR +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-print_certs\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkcs7\fR command processes PKCS#7 files in \s-1DER\s0 or \s-1PEM\s0 format. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.Ip "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded PKCS#7 +v1.5 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of +the \s-1DER\s0 form with header and footer lines. +.Ip "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning as the +\&\fB\-inform\fR option. +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +specifies the output filename to write to or standard output by +default. +.Ip "\fB\-print_certs\fR" 4 +.IX Item "-print_certs" +prints out any certificates or CRLs contained in the file. They are +preceded by their subject and issuer names in one line format. +.Ip "\fB\-text\fR" 4 +.IX Item "-text" +prints out certificates details in full rather than just subject and +issuer names. +.Ip "\fB\-noout\fR" 4 +.IX Item "-noout" +don't output the encoded version of the PKCS#7 structure (or certificates +is \fB\-print_certs\fR is set). +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a PKCS#7 file from \s-1PEM\s0 to \s-1DER:\s0 +.PP +.Vb 1 +\& openssl pkcs7 -in file.pem -outform DER -out file.der +.Ve +Output all certificates in a file: +.PP +.Vb 1 +\& openssl pkcs7 -in file.pem -print_certs -out certs.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 PKCS#7 format uses the header and footer lines: +.PP +.Vb 2 +\& -----BEGIN PKCS7----- +\& -----END PKCS7----- +.Ve +For compatability with some CAs it will also accept: +.PP +.Vb 2 +\& -----BEGIN CERTIFICATE----- +\& -----END CERTIFICATE----- +.Ve +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +There is no option to print out all the fields of a PKCS#7 file. +.PP +This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in \s-1RFC2315\s0 they +cannot currently parse, for example, the new \s-1CMS\s0 as described in \s-1RFC2630\s0. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +crl2pkcs7(1) diff --git a/secure/lib/libcrypto/man/pkcs8.1 b/secure/lib/libcrypto/man/pkcs8.1 new file mode 100644 index 0000000..52ffeaa --- /dev/null +++ b/secure/lib/libcrypto/man/pkcs8.1 @@ -0,0 +1,348 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:40 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "PKCS8 1" +.TH PKCS8 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +pkcs8 \- PKCS#8 format private key conversion tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBpkcs8\fR +[\fB\-topk8\fR] +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-noiter\fR] +[\fB\-nocrypt\fR] +[\fB\-nooct\fR] +[\fB\-embed\fR] +[\fB\-nsdb\fR] +[\fB\-v2 alg\fR] +[\fB\-v1 alg\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBpkcs8\fR command processes private keys in PKCS#8 format. It can handle +both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo +format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.Ip "\fB\-topk8\fR" 4 +.IX Item "-topk8" +Normally a PKCS#8 private key is expected on input and a traditional format +private key will be written. With the \fB\-topk8\fR option the situation is +reversed: it reads a traditional format private key and writes a PKCS#8 +format key. +.Ip "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. If a PKCS#8 format key is expected on input +then either a \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR encoded version of a PKCS#8 key will be +expected. Otherwise the \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR format of the traditional format +private key is used. +.Ip "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning as the +\&\fB\-inform\fR option. +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.Ip "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +the input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output by +default. If any encryption options are set then a pass phrase will be +prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.Ip "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +the output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). +.Ip "\fB\-nocrypt\fR" 4 +.IX Item "-nocrypt" +PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo +structures using an appropriate password based encryption algorithm. With +this option an unencrypted PrivateKeyInfo structure is expected or output. +This option does not encrypt private keys at all and should only be used +when absolutely necessary. Certain software such as some versions of Java +code signing software used unencrypted private keys. +.Ip "\fB\-nooct\fR" 4 +.IX Item "-nooct" +This option generates \s-1RSA\s0 private keys in a broken format that some software +uses. Specifically the private key should be enclosed in a \s-1OCTET\s0 \s-1STRING\s0 +but some software just includes the structure itself without the +surrounding \s-1OCTET\s0 \s-1STRING\s0. +.Ip "\fB\-embed\fR" 4 +.IX Item "-embed" +This option generates \s-1DSA\s0 keys in a broken format. The \s-1DSA\s0 parameters are +embedded inside the PrivateKey structure. In this form the \s-1OCTET\s0 \s-1STRING\s0 +contains an \s-1ASN1\s0 \s-1SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing +the parameters and an \s-1ASN1\s0 \s-1INTEGER\s0 containing the private key. +.Ip "\fB\-nsdb\fR" 4 +.IX Item "-nsdb" +This option generates \s-1DSA\s0 keys in a broken format compatible with Netscape +private key databases. The PrivateKey contains a \s-1SEQUENCE\s0 consisting of +the public and private keys respectively. +.Ip "\fB\-v2 alg\fR" 4 +.IX Item "-v2 alg" +This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8 +private keys are encrypted with the password based encryption algorithm +called \fBpbeWithMD5AndDES-CBC\fR this uses 56 bit \s-1DES\s0 encryption but it +was the strongest encryption algorithm supported in PKCS#5 v1.5. Using +the \fB\-v2\fR option PKCS#5 v2.0 algorithms are used which can use any +encryption algorithm such as 168 bit triple \s-1DES\s0 or 128 bit \s-1RC2\s0 however +not many implementations support PKCS#5 v2.0 yet. If you are just using +private keys with OpenSSL then this doesn't matter. +.Sp +The \fBalg\fR argument is the encryption algorithm to use, valid values include +\&\fBdes\fR, \fBdes3\fR and \fBrc2\fR. It is recommended that \fBdes3\fR is used. +.Ip "\fB\-v1 alg\fR" 4 +.IX Item "-v1 alg" +This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete +list of possible algorithms is included below. +.SH "NOTES" +.IX Header "NOTES" +The encrypted form of a \s-1PEM\s0 encode PKCS#8 files uses the following +headers and footers: +.PP +.Vb 2 +\& -----BEGIN ENCRYPTED PRIVATE KEY----- +\& -----END ENCRYPTED PRIVATE KEY----- +.Ve +The unencrypted form uses: +.PP +.Vb 2 +\& -----BEGIN PRIVATE KEY----- +\& -----END PRIVATE KEY----- +.Ve +Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration +counts are more secure that those encrypted using the traditional +SSLeay compatible formats. So if additional security is considered +important the keys should be converted. +.PP +The default encryption is only 56 bits because this is the encryption +that most current implementations of PKCS#8 will support. +.PP +Some software may use PKCS#12 password based encryption algorithms +with PKCS#8 format private keys: these are handled automatically +but there is no option to produce them. +.PP +It is possible to write out \s-1DER\s0 encoded encrypted private keys in +PKCS#8 format because the encryption details are included at an \s-1ASN1\s0 +level whereas the traditional format includes them at a \s-1PEM\s0 level. +.SH "PKCS#5 v1.5 and PKCS#12 algorithms." +.IX Header "PKCS#5 v1.5 and PKCS#12 algorithms." +Various algorithms can be used with the \fB\-v1\fR command line option, +including PKCS#5 v1.5 and PKCS#12. These are described in more detail +below. +.Ip "\fB\s-1PBE-MD2\-DES\s0 \s-1PBE-MD5\-DES\s0\fR" 4 +.IX Item "PBE-MD2-DES PBE-MD5-DES" +These algorithms were included in the original PKCS#5 v1.5 specification. +They only offer 56 bits of protection since they both use \s-1DES\s0. +.Ip "\fB\s-1PBE-SHA1\-RC2\-64\s0 \s-1PBE-MD2\-RC2\-64\s0 \s-1PBE-MD5\-RC2\-64\s0 \s-1PBE-SHA1\-DES\s0\fR" 4 +.IX Item "PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES" +These algorithms are not mentioned in the original PKCS#5 v1.5 specification +but they use the same key derivation algorithm and are supported by some +software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or +56 bit \s-1DES\s0. +.Ip "\fB\s-1PBE-SHA1\-RC4\-128\s0 \s-1PBE-SHA1\-RC4\-40\s0 \s-1PBE-SHA1\-3DES\s0 \s-1PBE-SHA1\-2DES\s0 \s-1PBE-SHA1\-RC2\-128\s0 \s-1PBE-SHA1\-RC2\-40\s0\fR" 4 +.IX Item "PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40" +These algorithms use the PKCS#12 password based encryption algorithm and +allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Convert a private from traditional to PKCS#5 v2.0 format using triple +\&\s-1DES:\s0 +.PP +.Vb 1 +\& openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem +.Ve +Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm +(\s-1DES\s0): +.PP +.Vb 1 +\& openssl pkcs8 -in key.pem -topk8 -out enckey.pem +.Ve +Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm +(3DES): +.PP +.Vb 1 +\& openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES +.Ve +Read a \s-1DER\s0 unencrypted PKCS#8 format private key: +.PP +.Vb 1 +\& openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem +.Ve +Convert a private key from any PKCS#8 format to traditional format: +.PP +.Vb 1 +\& openssl pkcs8 -in pk8.pem -out key.pem +.Ve +.SH "STANDARDS" +.IX Header "STANDARDS" +Test vectors from this PKCS#5 v2.0 implementation were posted to the +pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration +counts, several people confirmed that they could decrypt the private +keys produced and Therefore it can be assumed that the PKCS#5 v2.0 +implementation is reasonably accurate at least as far as these +algorithms are concerned. +.PP +The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented: +it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0 +PKCS#8 private key format complies with this standard. +.SH "BUGS" +.IX Header "BUGS" +There should be an option that prints out the encryption algorithm +in use and other details such as the iteration count. +.PP +PKCS#8 using triple \s-1DES\s0 and PKCS#5 v2.0 should be the default private +key format for OpenSSL: for compatibility several of the utilities use +the old format at present. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dsa(1), rsa(1), genrsa(1), +gendsa(1) diff --git a/secure/lib/libcrypto/man/rand.1 b/secure/lib/libcrypto/man/rand.1 new file mode 100644 index 0000000..1f2ceff --- /dev/null +++ b/secure/lib/libcrypto/man/rand.1 @@ -0,0 +1,177 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:43 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RAND 1" +.TH RAND 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +rand \- generate pseudo-random bytes +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl rand\fR +[\fB\-out\fR \fIfile\fR] +[\fB\-rand\fR \fI\fIfile\fI\|(s)\fR] +[\fB\-base64\fR] +\&\fInum\fR +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBrand\fR command outputs \fInum\fR pseudo-random bytes after seeding +the random number generater once. As in other \fBopenssl\fR command +line tools, \s-1PRNG\s0 seeding uses the file \fI$HOME/\fR\fB.rnd\fR or \fB.rnd\fR +in addition to the files given in the \fB\-rand\fR option. A new +\&\fI$HOME\fR/\fB.rnd\fR or \fB.rnd\fR file will be written back if enough +seeding was obtained from these sources. +.SH "OPTIONS" +.IX Header "OPTIONS" +.Ip "\fB\-out\fR \fIfile\fR" 4 +.IX Item "-out file" +Write to \fIfile\fR instead of standard output. +.Ip "\fB\-rand\fR \fI\fIfile\fI\|(s)\fR" 4 +.IX Item "-rand file" +Use specified file or files or \s-1EGD\s0 socket (see RAND_egd(3)) +for seeding the random number generator. +Multiple files can be specified separated by a OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.Ip "\fB\-base64\fR" 4 +.IX Item "-base64" +Perform base64 encoding on the output. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +RAND_bytes(3) diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3 new file mode 100644 index 0000000..679138f --- /dev/null +++ b/secure/lib/libcrypto/man/rand.3 @@ -0,0 +1,287 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:34 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RAND 1" +.TH RAND 1 "perl v5.6.1" "2001-07-19" "User Contributed Perl Documentation" +.UC +.SH "NAME" +rand \- pseudo-random number generator +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rand.h> +.Ve +.Vb 2 +\& int RAND_bytes(unsigned char *buf, int num); +\& int RAND_pseudo_bytes(unsigned char *buf, int num); +.Ve +.Vb 4 +\& void RAND_seed(const void *buf, int num); +\& void RAND_add(const void *buf, int num, int entropy); +\& int RAND_status(void); +\& void RAND_screen(void); +.Ve +.Vb 3 +\& int RAND_load_file(const char *file, long max_bytes); +\& int RAND_write_file(const char *file); +\& const char *RAND_file_name(char *file, size_t num); +.Ve +.Vb 1 +\& int RAND_egd(const char *path); +.Ve +.Vb 3 +\& void RAND_set_rand_method(RAND_METHOD *meth); +\& RAND_METHOD *RAND_get_rand_method(void); +\& RAND_METHOD *RAND_SSLeay(void); +.Ve +.Vb 1 +\& void RAND_cleanup(void); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement a cryptographically secure pseudo-random +number generator (\s-1PRNG\s0). It is used by other library functions for +example to generate random keys, and applications can use it when they +need randomness. +.PP +A cryptographic \s-1PRNG\s0 must be seeded with unpredictable data such as +mouse movements or keys pressed at random by the user. This is +described in RAND_add(3). Its state can be saved in a seed file +(see RAND_load_file(3)) to avoid having to go through the +seeding process whenever the application is started. +.PP +RAND_bytes(3) describes how to obtain random data from the +\&\s-1PRNG\s0. +.SH "INTERNALS" +.IX Header "INTERNALS" +The \fIRAND_SSLeay()\fR method implements a \s-1PRNG\s0 based on a cryptographic +hash function. +.PP +The following description of its design is based on the SSLeay +documentation: +.PP +First up I will state the things I believe I need for a good \s-1RNG\s0. +.Ip "1" 4 +.IX Item "1" +A good hashing algorithm to mix things up and to convert the \s-1RNG\s0 'state' +to random numbers. +.Ip "2" 4 +.IX Item "2" +An initial source of random 'state'. +.Ip "3" 4 +.IX Item "3" +The state should be very large. If the \s-1RNG\s0 is being used to generate +4096 bit \s-1RSA\s0 keys, 2 2048 bit random strings are required (at a minimum). +If your \s-1RNG\s0 state only has 128 bits, you are obviously limiting the +search space to 128 bits, not 2048. I'm probably getting a little +carried away on this last point but it does indicate that it may not be +a bad idea to keep quite a lot of \s-1RNG\s0 state. It should be easier to +break a cipher than guess the \s-1RNG\s0 seed data. +.Ip "4" 4 +.IX Item "4" +Any \s-1RNG\s0 seed data should influence all subsequent random numbers +generated. This implies that any random seed data entered will have +an influence on all subsequent random numbers generated. +.Ip "5" 4 +.IX Item "5" +When using data to seed the \s-1RNG\s0 state, the data used should not be +extractable from the \s-1RNG\s0 state. I believe this should be a +requirement because one possible source of 'secret' semi random +data would be a private key or a password. This data must +not be disclosed by either subsequent random numbers or a +\&'core' dump left by a program crash. +.Ip "6" 4 +.IX Item "6" +Given the same initial 'state', 2 systems should deviate in their \s-1RNG\s0 state +(and hence the random numbers generated) over time if at all possible. +.Ip "7" 4 +.IX Item "7" +Given the random number output stream, it should not be possible to determine +the \s-1RNG\s0 state or the next random number. +.PP +The algorithm is as follows. +.PP +There is global state made up of a 1023 byte buffer (the 'state'), a +working hash value ('md'), and a counter ('count'). +.PP +Whenever seed data is added, it is inserted into the 'state' as +follows. +.PP +The input is chopped up into units of 20 bytes (or less for +the last block). Each of these blocks is run through the hash +function as follows: The data passed to the hash function +is the current 'md', the same number of bytes from the 'state' +(the location determined by in incremented looping index) as +the current 'block', the new key data 'block', and 'count' +(which is incremented after each use). +The result of this is kept in 'md' and also xored into the +\&'state' at the same locations that were used as input into the +hash function. I +believe this system addresses points 1 (hash function; currently +\&\s-1SHA-1\s0), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash +function and xor). +.PP +When bytes are extracted from the \s-1RNG\s0, the following process is used. +For each group of 10 bytes (or less), we do the following: +.PP +Input into the hash function the local 'md' (which is initialized from +the global 'md' before any bytes are generated), the bytes that are to +be overwritten by the random bytes, and bytes from the 'state' +(incrementing looping index). From this digest output (which is kept +in 'md'), the top (up to) 10 bytes are returned to the caller and the +bottom 10 bytes are xored into the 'state'. +.PP +Finally, after we have finished 'num' random bytes for the caller, +\&'count' (which is incremented) and the local and global 'md' are fed +into the hash function and the results are kept in the global 'md'. +.PP +I believe the above addressed points 1 (use of \s-1SHA-1\s0), 6 (by hashing +into the 'state' the 'old' data from the caller that is about to be +overwritten) and 7 (by not using the 10 bytes given to the caller to +update the 'state', but they are used to update 'md'). +.PP +So of the points raised, only 2 is not addressed (but see +RAND_add(3)). +.SH "SEE ALSO" +.IX Header "SEE ALSO" +BN_rand(3), RAND_add(3), +RAND_load_file(3), RAND_egd(3), +RAND_bytes(3), +RAND_set_rand_method(3), +RAND_cleanup(3) diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3 new file mode 100644 index 0000000..07643c9 --- /dev/null +++ b/secure/lib/libcrypto/man/rc4.3 @@ -0,0 +1,197 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:36 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RC4 1" +.TH RC4 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +RC4_set_key, \s-1RC4\s0 \- \s-1RC4\s0 encryption +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rc4.h> +.Ve +.Vb 1 +\& void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +.Ve +.Vb 2 +\& void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, +\& unsigned char *outdata); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This library implements the Alleged \s-1RC4\s0 cipher, which is described for +example in \fIApplied Cryptography\fR. It is believed to be compatible +with RC4[\s-1TM\s0], a proprietary cipher of \s-1RSA\s0 Security Inc. +.PP +\&\s-1RC4\s0 is a stream cipher with variable key length. Typically, 128 bit +(16 byte) keys are used for strong encryption, but shorter insecure +key sizes have been widely used due to export restrictions. +.PP +\&\s-1RC4\s0 consists of a key setup phase and the actual encryption or +decryption phase. +.PP +\&\fIRC4_set_key()\fR sets up the \fB\s-1RC4_KEY\s0\fR \fBkey\fR using the \fBlen\fR bytes long +key at \fBdata\fR. +.PP +\&\fIRC4()\fR encrypts or decrypts the \fBlen\fR bytes of data at \fBindata\fR using +\&\fBkey\fR and places the result at \fBoutdata\fR. Repeated \fIRC4()\fR calls with +the same \fBkey\fR yield a continuous key stream. +.PP +Since \s-1RC4\s0 is a stream cipher (the input is XORed with a pseudo-random +key stream to produce the output), decryption uses the same function +calls as encryption. +.PP +Applications should use the higher level functions +EVP_EncryptInit(3) +etc. instead of calling the \s-1RC4\s0 functions directly. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRC4_set_key()\fR and \fIRC4()\fR do not return values. +.SH "NOTE" +.IX Header "NOTE" +Certain conditions have to be observed to securely use stream ciphers. +It is not permissible to perform multiple encryptions using the same +key stream. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +blowfish(3), des(3), rc2(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRC4_set_key()\fR and \fIRC4()\fR are available in all versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/req.1 b/secure/lib/libcrypto/man/req.1 new file mode 100644 index 0000000..6e64557 --- /dev/null +++ b/secure/lib/libcrypto/man/req.1 @@ -0,0 +1,646 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:45 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "REQ 1" +.TH REQ 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +req \- PKCS#10 certificate and certificate generating utility. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBreq\fR +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-verify\fR] +[\fB\-modulus\fR] +[\fB\-new\fR] +[\fB\-rand \f(BIfile\fB\|(s)\fR] +[\fB\-newkey rsa:bits\fR] +[\fB\-newkey dsa:file\fR] +[\fB\-nodes\fR] +[\fB\-key filename\fR] +[\fB\-keyform PEM|DER\fR] +[\fB\-keyout filename\fR] +[\fB\-[md5|sha1|md2|mdc2]\fR] +[\fB\-config filename\fR] +[\fB\-x509\fR] +[\fB\-days n\fR] +[\fB\-asn1\-kludge\fR] +[\fB\-newhdr\fR] +[\fB\-extensions section\fR] +[\fB\-reqexts section\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBreq\fR command primarily creates and processes certificate requests +in PKCS#10 format. It can additionally create self signed certificates +for use as root CAs for example. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.Ip "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded +form compatible with the PKCS#10. The \fB\s-1PEM\s0\fR form is the default format: it +consists of the \fB\s-1DER\s0\fR format base64 encoded with additional header and +footer lines. +.Ip "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning as the +\&\fB\-inform\fR option. +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a request from or standard input +if this option is not specified. A request is only read if the creation +options (\fB\-new\fR and \fB\-newkey\fR) are not specified. +.Ip "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +the input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write to or standard output by +default. +.Ip "\fB\-passout arg\fR" 4 +.IX Item "-passout arg" +the output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). +.Ip "\fB\-text\fR" 4 +.IX Item "-text" +prints out the certificate request in text form. +.Ip "\fB\-noout\fR" 4 +.IX Item "-noout" +this option prevents output of the encoded version of the request. +.Ip "\fB\-modulus\fR" 4 +.IX Item "-modulus" +this option prints out the value of the modulus of the public key +contained in the request. +.Ip "\fB\-verify\fR" 4 +.IX Item "-verify" +verifies the signature on the request. +.Ip "\fB\-new\fR" 4 +.IX Item "-new" +this option generates a new certificate request. It will prompt +the user for the relevant field values. The actual fields +prompted for and their maximum and minimum sizes are specified +in the configuration file and any requested extensions. +.Sp +If the \fB\-key\fR option is not used it will generate a new \s-1RSA\s0 private +key using information specified in the configuration file. +.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 +.IX Item "-rand file" +a file or files containing random data used to seed the random number +generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). +Multiple files can be specified separated by a OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.Ip "\fB\-newkey arg\fR" 4 +.IX Item "-newkey arg" +this option creates a new certificate request and a new private +key. The argument takes one of two forms. \fBrsa:nbits\fR, where +\&\fBnbits\fR is the number of bits, generates an \s-1RSA\s0 key \fBnbits\fR +in size. \fBdsa:filename\fR generates a \s-1DSA\s0 key using the parameters +in the file \fBfilename\fR. +.Ip "\fB\-key filename\fR" 4 +.IX Item "-key filename" +This specifies the file to read the private key from. It also +accepts PKCS#8 format private keys for \s-1PEM\s0 format files. +.Ip "\fB\-keyform PEM|DER\fR" 4 +.IX Item "-keyform PEM|DER" +the format of the private key file specified in the \fB\-key\fR +argument. \s-1PEM\s0 is the default. +.Ip "\fB\-keyout filename\fR" 4 +.IX Item "-keyout filename" +this gives the filename to write the newly created private key to. +If this option is not specified then the filename present in the +configuration file is used. +.Ip "\fB\-nodes\fR" 4 +.IX Item "-nodes" +if this option is specified then if a private key is created it +will not be encrypted. +.Ip "\fB\-[md5|sha1|md2|mdc2]\fR" 4 +.IX Item "-[md5|sha1|md2|mdc2]" +this specifies the message digest to sign the request with. This +overrides the digest algorithm specified in the configuration file. +This option is ignored for \s-1DSA\s0 requests: they always use \s-1SHA1\s0. +.Ip "\fB\-config filename\fR" 4 +.IX Item "-config filename" +this allows an alternative configuration file to be specified, +this overrides the compile time filename or any specified in +the \fB\s-1OPENSSL_CONF\s0\fR environment variable. +.Ip "\fB\-x509\fR" 4 +.IX Item "-x509" +this option outputs a self signed certificate instead of a certificate +request. This is typically used to generate a test certificate or +a self signed root \s-1CA\s0. The extensions added to the certificate +(if any) are specified in the configuration file. +.Ip "\fB\-days n\fR" 4 +.IX Item "-days n" +when the \fB\-x509\fR option is being used this specifies the number of +days to certify the certificate for. The default is 30 days. +.Ip "\fB\-extensions section\fR" 4 +.IX Item "-extensions section" +.PD 0 +.Ip "\fB\-reqexts section\fR" 4 +.IX Item "-reqexts section" +.PD +these options specify alternative sections to include certificate +extensions (if the \fB\-x509\fR option is present) or certificate +request extensions. This allows several different sections to +be used in the same configuration file to specify requests for +a variety of purposes. +.Ip "\fB\-asn1\-kludge\fR" 4 +.IX Item "-asn1-kludge" +by default the \fBreq\fR command outputs certificate requests containing +no attributes in the correct PKCS#10 format. However certain CAs will only +accept requests containing no attributes in an invalid form: this +option produces this invalid format. +.Sp +More precisely the \fBAttributes\fR in a PKCS#10 certificate request +are defined as a \fB\s-1SET\s0 \s-1OF\s0 Attribute\fR. They are \fBnot \s-1OPTIONAL\s0\fR so +if no attributes are present then they should be encoded as an +empty \fB\s-1SET\s0 \s-1OF\s0\fR. The invalid form does not include the empty +\&\fB\s-1SET\s0 \s-1OF\s0\fR whereas the correct form does. +.Sp +It should be noted that very few CAs still require the use of this option. +.Ip "\fB\-newhdr\fR" 4 +.IX Item "-newhdr" +Adds the word \fB\s-1NEW\s0\fR to the \s-1PEM\s0 file header and footer lines on the outputed +request. Some software (Netscape certificate server) and some CAs need this. +.SH "CONFIGURATION FILE FORMAT" +.IX Header "CONFIGURATION FILE FORMAT" +The configuration options are specified in the \fBreq\fR section of +the configuration file. As with all configuration files if no +value is specified in the specific section (i.e. \fBreq\fR) then +the initial unnamed or \fBdefault\fR section is searched too. +.PP +The options available are described in detail below. +.Ip "\fBinput_password output_password\fR" 4 +.IX Item "input_password output_password" +The passwords for the input private key file (if present) and +the output private key file (if one will be created). The +command line options \fBpassin\fR and \fBpassout\fR override the +configuration file values. +.Ip "\fBdefault_bits\fR" 4 +.IX Item "default_bits" +This specifies the default key size in bits. If not specified then +512 is used. It is used if the \fB\-new\fR option is used. It can be +overridden by using the \fB\-newkey\fR option. +.Ip "\fBdefault_keyfile\fR" 4 +.IX Item "default_keyfile" +This is the default filename to write a private key to. If not +specified the key is written to standard output. This can be +overridden by the \fB\-keyout\fR option. +.Ip "\fBoid_file\fR" 4 +.IX Item "oid_file" +This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. +Each line of the file should consist of the numerical form of the +object identifier followed by white space then the short name followed +by white space and finally the long name. +.Ip "\fBoid_section\fR" 4 +.IX Item "oid_section" +This specifies a section in the configuration file containing extra +object identifiers. Each line should consist of the short name of the +object identifier followed by \fB=\fR and the numerical form. The short +and long names are the same when this option is used. +.Ip "\fB\s-1RANDFILE\s0\fR" 4 +.IX Item "RANDFILE" +This specifies a filename in which random number seed information is +placed and read from, or an \s-1EGD\s0 socket (see RAND_egd(3)). +It is used for private key generation. +.Ip "\fBencrypt_key\fR" 4 +.IX Item "encrypt_key" +If this is set to \fBno\fR then if a private key is generated it is +\&\fBnot\fR encrypted. This is equivalent to the \fB\-nodes\fR command line +option. For compatibility \fBencrypt_rsa_key\fR is an equivalent option. +.Ip "\fBdefault_md\fR" 4 +.IX Item "default_md" +This option specifies the digest algorithm to use. Possible values +include \fBmd5 sha1 mdc2\fR. If not present then \s-1MD5\s0 is used. This +option can be overridden on the command line. +.Ip "\fBstring_mask\fR" 4 +.IX Item "string_mask" +This option masks out the use of certain string types in certain +fields. Most users will not need to change this option. +.Sp +It can be set to several values \fBdefault\fR which is also the default +option uses PrintableStrings, T61Strings and BMPStrings if the +\&\fBpkix\fR value is used then only PrintableStrings and BMPStrings will +be used. This follows the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0. If the +\&\fButf8only\fR option is used then only UTF8Strings will be used: this +is the \s-1PKIX\s0 recommendation in \s-1RFC2459\s0 after 2003. Finally the \fBnombstr\fR +option just uses PrintableStrings and T61Strings: certain software has +problems with BMPStrings and UTF8Strings: in particular Netscape. +.Ip "\fBreq_extensions\fR" 4 +.IX Item "req_extensions" +this specifies the configuration file section containing a list of +extensions to add to the certificate request. It can be overridden +by the \fB\-reqexts\fR command line switch. +.Ip "\fBx509_extensions\fR" 4 +.IX Item "x509_extensions" +this specifies the configuration file section containing a list of +extensions to add to certificate generated when the \fB\-x509\fR switch +is used. It can be overridden by the \fB\-extensions\fR command line switch. +.Ip "\fBprompt\fR" 4 +.IX Item "prompt" +if set to the value \fBno\fR this disables prompting of certificate fields +and just takes values from the config file directly. It also changes the +expected format of the \fBdistinguished_name\fR and \fBattributes\fR sections. +.Ip "\fBattributes\fR" 4 +.IX Item "attributes" +this specifies the section containing any request attributes: its format +is the same as \fBdistinguished_name\fR. Typically these may contain the +challengePassword or unstructuredName types. They are currently ignored +by OpenSSL's request signing utilities but some CAs might want them. +.Ip "\fBdistinguished_name\fR" 4 +.IX Item "distinguished_name" +This specifies the section containing the distinguished name fields to +prompt for when generating a certificate or certificate request. The format +is described in the next section. +.SH "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" +.IX Header "DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT" +There are two separate formats for the distinguished name and attribute +sections. If the \fBprompt\fR option is set to \fBno\fR then these sections +just consist of field names and values: for example, +.PP +.Vb 3 +\& CN=My Name +\& OU=My Organization +\& emailAddress=someone@somewhere.org +.Ve +This allows external programs (e.g. \s-1GUI\s0 based) to generate a template file +with all the field names and values and just pass it to \fBreq\fR. An example +of this kind of configuration file is contained in the \fB\s-1EXAMPLES\s0\fR section. +.PP +Alternatively if the \fBprompt\fR option is absent or not set to \fBno\fR then the +file contains field prompting information. It consists of lines of the form: +.PP +.Vb 4 +\& fieldName="prompt" +\& fieldName_default="default field value" +\& fieldName_min= 2 +\& fieldName_max= 4 +.Ve +\&\*(L"fieldName\*(R" is the field name being used, for example commonName (or \s-1CN\s0). +The \*(L"prompt\*(R" string is used to ask the user to enter the relevant +details. If the user enters nothing then the default value is used if no +default value is present then the field is omitted. A field can +still be omitted if a default value is present if the user just +enters the '.' character. +.PP +The number of characters entered must be between the fieldName_min and +fieldName_max limits: there may be additional restrictions based +on the field being used (for example countryName can only ever be +two characters long and must fit in a PrintableString). +.PP +Some fields (such as organizationName) can be used more than once +in a \s-1DN\s0. This presents a problem because configuration files will +not recognize the same name occurring twice. To avoid this problem +if the fieldName contains some characters followed by a full stop +they will be ignored. So for example a second organizationName can +be input by calling it \*(L"1.organizationName\*(R". +.PP +The actual permitted field names are any object identifier short or +long names. These are compiled into OpenSSL and include the usual +values such as commonName, countryName, localityName, organizationName, +organizationUnitName, stateOrPrivinceName. Additionally emailAddress +is include as well as name, surname, givenName initials and dnQualifier. +.PP +Additional object identifiers can be defined with the \fBoid_file\fR or +\&\fBoid_section\fR options in the configuration file. Any additional fields +will be treated as though they were a DirectoryString. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Examine and verify certificate request: +.PP +.Vb 1 +\& openssl req -in req.pem -text -verify -noout +.Ve +Create a private key and then generate a certificate request from it: +.PP +.Vb 2 +\& openssl genrsa -out key.pem 1024 +\& openssl req -new -key key.pem -out req.pem +.Ve +The same but just using req: +.PP +.Vb 1 +\& openssl req -newkey rsa:1024 -keyout key.pem -out req.pem +.Ve +Generate a self signed root certificate: +.PP +.Vb 1 +\& openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem +.Ve +Example of a file pointed to by the \fBoid_file\fR option: +.PP +.Vb 2 +\& 1.2.3.4 shortName A longer Name +\& 1.2.3.6 otherName Other longer Name +.Ve +Example of a section pointed to by \fBoid_section\fR making use of variable +expansion: +.PP +.Vb 2 +\& testoid1=1.2.3.5 +\& testoid2=${testoid1}.6 +.Ve +Sample configuration file prompting for field values: +.PP +.Vb 6 +\& [ req ] +\& default_bits = 1024 +\& default_keyfile = privkey.pem +\& distinguished_name = req_distinguished_name +\& attributes = req_attributes +\& x509_extensions = v3_ca +.Ve +.Vb 1 +\& dirstring_type = nobmp +.Ve +.Vb 5 +\& [ req_distinguished_name ] +\& countryName = Country Name (2 letter code) +\& countryName_default = AU +\& countryName_min = 2 +\& countryName_max = 2 +.Ve +.Vb 1 +\& localityName = Locality Name (eg, city) +.Ve +.Vb 1 +\& organizationalUnitName = Organizational Unit Name (eg, section) +.Ve +.Vb 2 +\& commonName = Common Name (eg, YOUR name) +\& commonName_max = 64 +.Ve +.Vb 2 +\& emailAddress = Email Address +\& emailAddress_max = 40 +.Ve +.Vb 4 +\& [ req_attributes ] +\& challengePassword = A challenge password +\& challengePassword_min = 4 +\& challengePassword_max = 20 +.Ve +.Vb 1 +\& [ v3_ca ] +.Ve +.Vb 3 +\& subjectKeyIdentifier=hash +\& authorityKeyIdentifier=keyid:always,issuer:always +\& basicConstraints = CA:true +.Ve +Sample configuration containing all field values: +.PP +.Vb 1 +\& RANDFILE = $ENV::HOME/.rnd +.Ve +.Vb 7 +\& [ req ] +\& default_bits = 1024 +\& default_keyfile = keyfile.pem +\& distinguished_name = req_distinguished_name +\& attributes = req_attributes +\& prompt = no +\& output_password = mypass +.Ve +.Vb 8 +\& [ req_distinguished_name ] +\& C = GB +\& ST = Test State or Province +\& L = Test Locality +\& O = Organization Name +\& OU = Organizational Unit Name +\& CN = Common Name +\& emailAddress = test@email.address +.Ve +.Vb 2 +\& [ req_attributes ] +\& challengePassword = A challenge password +.Ve +.SH "NOTES" +.IX Header "NOTES" +The header and footer lines in the \fB\s-1PEM\s0\fR format are normally: +.PP +.Vb 2 +\& -----BEGIN CERTIFICATE REQUEST---- +\& -----END CERTIFICATE REQUEST---- +.Ve +some software (some versions of Netscape certificate server) instead needs: +.PP +.Vb 2 +\& -----BEGIN NEW CERTIFICATE REQUEST---- +\& -----END NEW CERTIFICATE REQUEST---- +.Ve +which is produced with the \fB\-newhdr\fR option but is otherwise compatible. +Either form is accepted transparently on input. +.PP +The certificate requests generated by \fBXenroll\fR with \s-1MSIE\s0 have extensions +added. It includes the \fBkeyUsage\fR extension which determines the type of +key (signature only or general purpose) and any additional OIDs entered +by the script in an extendedKeyUsage extension. +.SH "DIAGNOSTICS" +.IX Header "DIAGNOSTICS" +The following messages are frequently asked about: +.PP +.Vb 2 +\& Using configuration from /some/path/openssl.cnf +\& Unable to load config info +.Ve +This is followed some time later by... +.PP +.Vb 2 +\& unable to find 'distinguished_name' in config +\& problems making Certificate Request +.Ve +The first error message is the clue: it can't find the configuration +file! Certain operations (like examining a certificate request) don't +need a configuration file so its use isn't enforced. Generation of +certificates or requests however does need a configuration file. This +could be regarded as a bug. +.PP +Another puzzling message is this: +.PP +.Vb 2 +\& Attributes: +\& a0:00 +.Ve +this is displayed when no attributes are present and the request includes +the correct empty \fB\s-1SET\s0 \s-1OF\s0\fR structure (the \s-1DER\s0 encoding of which is 0xa0 +0x00). If you just see: +.PP +.Vb 1 +\& Attributes: +.Ve +then the \fB\s-1SET\s0 \s-1OF\s0\fR is missing and the encoding is technically invalid (but +it is tolerated). See the description of the command line option \fB\-asn1\-kludge\fR +for more information. +.SH "ENVIRONMENT VARIABLES" +.IX Header "ENVIRONMENT VARIABLES" +The variable \fB\s-1OPENSSL_CONF\s0\fR if defined allows an alternative configuration +file location to be specified, it will be overridden by the \fB\-config\fR command +line switch if it is present. For compatibility reasons the \fB\s-1SSLEAY_CONF\s0\fR +environment variable serves the same purpose but its use is discouraged. +.SH "BUGS" +.IX Header "BUGS" +OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively +treats them as \s-1ISO-8859\-1\s0 (Latin 1), Netscape and \s-1MSIE\s0 have similar behaviour. +This can cause problems if you need characters that aren't available in +PrintableStrings and you don't want to or can't use BMPStrings. +.PP +As a consequence of the T61String handling the only correct way to represent +accented characters in OpenSSL is to use a BMPString: unfortunately Netscape +currently chokes on these. If you have to use accented characters with Netscape +and \s-1MSIE\s0 then you currently need to use the invalid T61String form. +.PP +The current prompting is not very friendly. It doesn't allow you to confirm what +you've just entered. Other things like extensions in certificate requests are +statically defined in the configuration file. Some of these: like an email +address in subjectAltName should be input by the user. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +x509(1), ca(1), genrsa(1), +gendsa(1), config(5) diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3 new file mode 100644 index 0000000..14d19fd --- /dev/null +++ b/secure/lib/libcrypto/man/ripemd.3 @@ -0,0 +1,201 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:38 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RIPEMD 1" +.TH RIPEMD 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +\&\s-1RIPEMD160\s0, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \- +\&\s-1RIPEMD-160\s0 hash function +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/ripemd.h> +.Ve +.Vb 2 +\& unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, +\& unsigned char *md); +.Ve +.Vb 4 +\& void RIPEMD160_Init(RIPEMD160_CTX *c); +\& void RIPEMD160_Update(RIPEMD_CTX *c, const void *data, +\& unsigned long len); +\& void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1RIPEMD-160\s0 is a cryptographic hash function with a +160 bit output. +.PP +\&\fIRIPEMD160()\fR computes the \s-1RIPEMD-160\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest +is placed in a static array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fIRIPEMD160_Init()\fR initializes a \fB\s-1RIPEMD160_CTX\s0\fR structure. +.PP +\&\fIRIPEMD160_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fIRIPEMD160_Final()\fR places the message digest in \fBmd\fR, which must have +space for \s-1RIPEMD160_DIGEST_LENGTH\s0 == 20 bytes of output, and erases +the \fB\s-1RIPEMD160_CTX\s0\fR. +.PP +Applications should use the higher level functions +EVP_DigestInit(3) etc. instead of calling the +hash functions directly. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fIRIPEMD160()\fR returns a pointer to the hash value. +.PP +\&\fIRIPEMD160_Init()\fR, \fIRIPEMD160_Update()\fR and \fIRIPEMD160_Final()\fR do not +return values. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1ISO/IEC\s0 10118\-3 (draft) (??) +.SH "SEE ALSO" +.IX Header "SEE ALSO" +sha(3), hmac(3), EVP_DigestInit(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fIRIPEMD160()\fR, \fIRIPEMD160_Init()\fR, \fIRIPEMD160_Update()\fR and +\&\fIRIPEMD160_Final()\fR are available since SSLeay 0.9.0. diff --git a/secure/lib/libcrypto/man/rsa.1 b/secure/lib/libcrypto/man/rsa.1 new file mode 100644 index 0000000..1c737e9 --- /dev/null +++ b/secure/lib/libcrypto/man/rsa.1 @@ -0,0 +1,301 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:49 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA 1" +.TH RSA 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +rsa \- \s-1RSA\s0 key processing tool +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBrsa\fR +[\fB\-inform PEM|NET|DER\fR] +[\fB\-outform PEM|NET|DER\fR] +[\fB\-in filename\fR] +[\fB\-passin arg\fR] +[\fB\-out filename\fR] +[\fB\-passout arg\fR] +[\fB\-sgckey\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-idea\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-modulus\fR] +[\fB\-check\fR] +[\fB\-pubin\fR] +[\fB\-pubout\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBrsa\fR command processes \s-1RSA\s0 keys. They can be converted between various +forms and their components printed out. \fBNote\fR this command uses the +traditional SSLeay compatible format for private key encryption: newer +applications should use the more secure PKCS#8 format using the \fBpkcs8\fR +utility. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.Ip "\fB\-inform DER|NET|PEM\fR" 4 +.IX Item "-inform DER|NET|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded +form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. +The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR format base64 +encoded with additional header and footer lines. On input PKCS#8 format private +keys are also accepted. The \fB\s-1NET\s0\fR form is a format is described in the \fB\s-1NOTES\s0\fR +section. +.Ip "\fB\-outform DER|NET|PEM\fR" 4 +.IX Item "-outform DER|NET|PEM" +This specifies the output format, the options have the same meaning as the +\&\fB\-inform\fR option. +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a key from or standard input if this +option is not specified. If the key is encrypted a pass phrase will be +prompted for. +.Ip "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +the input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write a key to or standard output if this +option is not specified. If any encryption options are set then a pass phrase +will be prompted for. The output filename should \fBnot\fR be the same as the input +filename. +.Ip "\fB\-passout password\fR" 4 +.IX Item "-passout password" +the output file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). +.Ip "\fB\-sgckey\fR" 4 +.IX Item "-sgckey" +use the modified \s-1NET\s0 algorithm used with some versions of Microsoft \s-1IIS\s0 and \s-1SGC\s0 +keys. +.Ip "\fB\-des|\-des3|\-idea\fR" 4 +.IX Item "-des|-des3|-idea" +These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the +\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. +If none of these options is specified the key is written in plain text. This +means that using the \fBrsa\fR utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, or by +setting the encryption options it can be use to add or change the pass phrase. +These options can only be used with \s-1PEM\s0 format output files. +.Ip "\fB\-text\fR" 4 +.IX Item "-text" +prints out the various public or private key components in +plain text in addition to the encoded version. +.Ip "\fB\-noout\fR" 4 +.IX Item "-noout" +this option prevents output of the encoded version of the key. +.Ip "\fB\-modulus\fR" 4 +.IX Item "-modulus" +this option prints out the value of the modulus of the key. +.Ip "\fB\-check\fR" 4 +.IX Item "-check" +this option checks the consistency of an \s-1RSA\s0 private key. +.Ip "\fB\-pubin\fR" 4 +.IX Item "-pubin" +by default a private key is read from the input file: with this +option a public key is read instead. +.Ip "\fB\-pubout\fR" 4 +.IX Item "-pubout" +by default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 private key format uses the header and footer lines: +.PP +.Vb 2 +\& -----BEGIN RSA PRIVATE KEY----- +\& -----END RSA PRIVATE KEY----- +.Ve +The \s-1PEM\s0 public key format uses the header and footer lines: +.PP +.Vb 2 +\& -----BEGIN PUBLIC KEY----- +\& -----END PUBLIC KEY----- +.Ve +The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers +and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption. +It is not very secure and so should only be used when necessary. +.PP +Some newer version of \s-1IIS\s0 have additional data in the exported .key +files. To use thse with the utility view the file with a binary editor +and look for the string \*(L"private-key\*(R", then trace back to the byte +sequence 0x30, 0x82 (this is an \s-1ASN1\s0 \s-1SEQUENCE\s0). Copy all the data +from this point onwards to another file and use that as the input +to the \fBrsa\fR utility with the \fB\-inform \s-1NET\s0\fR option. If you get +an error after entering the password try the \fB\-sgckey\fR option. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To remove the pass phrase on an \s-1RSA\s0 private key: +.PP +.Vb 1 +\& openssl rsa -in key.pem -out keyout.pem +.Ve +To encrypt a private key using triple \s-1DES:\s0 +.PP +.Vb 1 +\& openssl rsa -in key.pem -des3 -out keyout.pem +.Ve +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl rsa -in key.pem -outform DER -out keyout.der +.Ve +To print out the components of a private key to standard output: +.PP +.Vb 1 +\& openssl rsa -in key.pem -text -noout +.Ve +To just output the public part of a private key: +.PP +.Vb 1 +\& openssl rsa -in key.pem -pubout -out pubkey.pem +.Ve +.SH "BUGS" +.IX Header "BUGS" +The command line password arguments don't currently work with +\&\fB\s-1NET\s0\fR format. +.PP +There should be an option that automatically handles .key files, +without having to manually edit them. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +pkcs8(1), dsa(1), genrsa(1), +gendsa(1) diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3 new file mode 100644 index 0000000..fc07b7e --- /dev/null +++ b/secure/lib/libcrypto/man/rsa.3 @@ -0,0 +1,263 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:41 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSA 1" +.TH RSA 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +rsa \- \s-1RSA\s0 public key cryptosystem +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/rsa.h> +.Ve +.Vb 2 +\& RSA * RSA_new(void); +\& void RSA_free(RSA *rsa); +.Ve +.Vb 4 +\& int RSA_public_encrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +\& int RSA_private_decrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa, int padding); +.Ve +.Vb 4 +\& int RSA_sign(int type, unsigned char *m, unsigned int m_len, +\& unsigned char *sigret, unsigned int *siglen, RSA *rsa); +\& int RSA_verify(int type, unsigned char *m, unsigned int m_len, +\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +.Ve +.Vb 1 +\& int RSA_size(RSA *rsa); +.Ve +.Vb 2 +\& RSA *RSA_generate_key(int num, unsigned long e, +\& void (*callback)(int,int,void *), void *cb_arg); +.Ve +.Vb 1 +\& int RSA_check_key(RSA *rsa); +.Ve +.Vb 2 +\& int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +\& void RSA_blinding_off(RSA *rsa); +.Ve +.Vb 9 +\& void RSA_set_default_method(RSA_METHOD *meth); +\& RSA_METHOD *RSA_get_default_method(void); +\& RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); +\& RSA_METHOD *RSA_get_method(RSA *rsa); +\& RSA_METHOD *RSA_PKCS1_SSLeay(void); +\& RSA_METHOD *RSA_PKCS1_RSAref(void); +\& RSA_METHOD *RSA_null_method(void); +\& int RSA_flags(RSA *rsa); +\& RSA *RSA_new_method(RSA_METHOD *method); +.Ve +.Vb 2 +\& int RSA_print(BIO *bp, RSA *x, int offset); +\& int RSA_print_fp(FILE *fp, RSA *x, int offset); +.Ve +.Vb 4 +\& int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), +\& int (*dup_func)(), void (*free_func)()); +\& int RSA_set_ex_data(RSA *r,int idx,char *arg); +\& char *RSA_get_ex_data(RSA *r, int idx); +.Ve +.Vb 4 +\& int RSA_private_encrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa,int padding); +\& int RSA_public_decrypt(int flen, unsigned char *from, +\& unsigned char *to, RSA *rsa,int padding); +.Ve +.Vb 6 +\& int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigret, unsigned int *siglen, +\& RSA *rsa); +\& int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m, +\& unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, +\& RSA *rsa); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +These functions implement \s-1RSA\s0 public key encryption and signatures +as defined in \s-1PKCS\s0 #1 v2.0 [\s-1RFC\s0 2437]. +.PP +The \fB\s-1RSA\s0\fR structure consists of several \s-1BIGNUM\s0 components. It can +contain public as well as private \s-1RSA\s0 keys: +.PP +.Vb 13 +\& struct +\& { +\& BIGNUM *n; // public modulus +\& BIGNUM *e; // public exponent +\& BIGNUM *d; // private exponent +\& BIGNUM *p; // secret prime factor +\& BIGNUM *q; // secret prime factor +\& BIGNUM *dmp1; // d mod (p-1) +\& BIGNUM *dmq1; // d mod (q-1) +\& BIGNUM *iqmp; // q^-1 mod p +\& // ... +\& }; +\& RSA +.Ve +In public keys, the private exponent and the related secret values are +\&\fB\s-1NULL\s0\fR. +.PP +\&\fBp\fR, \fBq\fR, \fBdmp1\fR, \fBdmq1\fR and \fBiqmp\fR may be \fB\s-1NULL\s0\fR in private +keys, but the \s-1RSA\s0 operations are much faster when these values are +available. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0 +.SH "PATENTS" +.IX Header "PATENTS" +\&\s-1RSA\s0 was covered by a \s-1US\s0 patent which expired in September 2000. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +rsa(1), bn(3), dsa(3), dh(3), +rand(3), RSA_new(3), +RSA_public_encrypt(3), +RSA_sign(3), RSA_size(3), +RSA_generate_key(3), +RSA_check_key(3), +RSA_blinding_on(3), +RSA_set_method(3), RSA_print(3), +RSA_get_ex_new_index(3), +RSA_private_encrypt(3), +RSA_sign_ASN_OCTET_STRING(3), +RSA_padding_add_PKCS1_type_1(3) diff --git a/secure/lib/libcrypto/man/rsautl.1 b/secure/lib/libcrypto/man/rsautl.1 new file mode 100644 index 0000000..f6a9865 --- /dev/null +++ b/secure/lib/libcrypto/man/rsautl.1 @@ -0,0 +1,312 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:52 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "RSAUTL 1" +.TH RSAUTL 1 "perl v5.6.1" "2001-07-19" "User Contributed Perl Documentation" +.UC +.SH "NAME" +rsautl \- \s-1RSA\s0 utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBrsautl\fR +[\fB\-in file\fR] +[\fB\-out file\fR] +[\fB\-inkey file\fR] +[\fB\-pubin\fR] +[\fB\-certin\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-pkcs\fR] +[\fB\-ssl\fR] +[\fB\-raw\fR] +[\fB\-hexdump\fR] +[\fB\-asn1parse\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBrsautl\fR command can be used to sign, verify, encrypt and decrypt +data using the \s-1RSA\s0 algorithm. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read data from or standard input +if this option is not specified. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +specifies the output filename to write to or standard output by +default. +.Ip "\fB\-inkey file\fR" 4 +.IX Item "-inkey file" +the input key file, by default it should be an \s-1RSA\s0 private key. +.Ip "\fB\-pubin\fR" 4 +.IX Item "-pubin" +the input file is an \s-1RSA\s0 public key. +.Ip "\fB\-certin\fR" 4 +.IX Item "-certin" +the input is a certificate containing an \s-1RSA\s0 public key. +.Ip "\fB\-sign\fR" 4 +.IX Item "-sign" +sign the input data and output the signed result. This requires +and \s-1RSA\s0 private key. +.Ip "\fB\-verify\fR" 4 +.IX Item "-verify" +verify the input data and output the recovered data. +.Ip "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +encrypt the input data using an \s-1RSA\s0 public key. +.Ip "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +decrypt the input data using an \s-1RSA\s0 private key. +.Ip "\fB\-pkcs, \-oaep, \-ssl, \-raw\fR" 4 +.IX Item "-pkcs, -oaep, -ssl, -raw" +the padding to use: PKCS#1 v1.5 (the default), PKCS#1 \s-1OAEP\s0, +special padding used in \s-1SSL\s0 v2 backwards compatible handshakes, +or no padding, respectively. +For signatures, only \fB\-pkcs\fR and \fB\-raw\fR can be used. +.Ip "\fB\-hexdump\fR" 4 +.IX Item "-hexdump" +hex dump the output data. +.Ip "\fB\-asn1parse\fR" 4 +.IX Item "-asn1parse" +asn1parse the output data, this is useful when combined with the +\&\fB\-verify\fR option. +.SH "NOTES" +.IX Header "NOTES" +\&\fBrsautl\fR because it uses the \s-1RSA\s0 algorithm directly can only be +used to sign or verify small pieces of data. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Sign some data using a private key: +.PP +.Vb 1 +\& openssl rsautl -sign -in file -inkey key.pem -out sig +.Ve +Recover the signed data +.PP +.Vb 1 +\& openssl rsautl -verify -in sig -inkey key.pem +.Ve +Examine the raw signed data: +.PP +.Vb 1 +\& openssl rsautl -verify -in file -inkey key.pem -raw -hexdump +.Ve +.Vb 8 +\& 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ +\& 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ +\& 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ +\& 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ +\& 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ +\& 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ +\& 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ +\& 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world +.Ve +The PKCS#1 block formatting is evident from this. If this was done using +encrypt and decrypt the block would have been of type 2 (the second byte) +and random padding data visible instead of the 0xff bytes. +.PP +It is possible to analyse the signature of certificates using this +utility in conjunction with \fBasn1parse\fR. Consider the self signed +example in certs/pca-cert.pem . Running \fBasn1parse\fR as follows yields: +.PP +.Vb 1 +\& openssl asn1parse -in pca-cert.pem +.Ve +.Vb 18 +\& 0:d=0 hl=4 l= 742 cons: SEQUENCE +\& 4:d=1 hl=4 l= 591 cons: SEQUENCE +\& 8:d=2 hl=2 l= 3 cons: cont [ 0 ] +\& 10:d=3 hl=2 l= 1 prim: INTEGER :02 +\& 13:d=2 hl=2 l= 1 prim: INTEGER :00 +\& 16:d=2 hl=2 l= 13 cons: SEQUENCE +\& 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption +\& 29:d=3 hl=2 l= 0 prim: NULL +\& 31:d=2 hl=2 l= 92 cons: SEQUENCE +\& 33:d=3 hl=2 l= 11 cons: SET +\& 35:d=4 hl=2 l= 9 cons: SEQUENCE +\& 37:d=5 hl=2 l= 3 prim: OBJECT :countryName +\& 42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU +\& .... +\& 599:d=1 hl=2 l= 13 cons: SEQUENCE +\& 601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption +\& 612:d=2 hl=2 l= 0 prim: NULL +\& 614:d=1 hl=3 l= 129 prim: BIT STRING +.Ve +The final \s-1BIT\s0 \s-1STRING\s0 contains the actual signature. It can be extracted with: +.PP +.Vb 1 +\& openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614 +.Ve +The certificate public key can be extracted with: +.PP +.Vb 1 +\& openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem +.Ve +The signature can be analysed with: +.PP +.Vb 1 +\& openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin +.Ve +.Vb 6 +\& 0:d=0 hl=2 l= 32 cons: SEQUENCE +\& 2:d=1 hl=2 l= 12 cons: SEQUENCE +\& 4:d=2 hl=2 l= 8 prim: OBJECT :md5 +\& 14:d=2 hl=2 l= 0 prim: NULL +\& 16:d=1 hl=2 l= 16 prim: OCTET STRING +\& 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. +.Ve +This is the parsed version of an \s-1ASN1\s0 DigestInfo structure. It can be seen that +the digest used was md5. The actual part of the certificate that was signed can +be extracted with: +.PP +.Vb 1 +\& openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4 +.Ve +and its digest computed with: +.PP +.Vb 2 +\& openssl md5 -c tbs +\& MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5 +.Ve +which it can be seen agrees with the recovered value above. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +dgst(1), rsa(1), genrsa(1) diff --git a/secure/lib/libcrypto/man/s_client.1 b/secure/lib/libcrypto/man/s_client.1 new file mode 100644 index 0000000..6037fed --- /dev/null +++ b/secure/lib/libcrypto/man/s_client.1 @@ -0,0 +1,336 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:55 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "S_CLIENT 1" +.TH S_CLIENT 1 "perl v5.6.1" "2001-05-20" "User Contributed Perl Documentation" +.UC +.SH "NAME" +s_client \- \s-1SSL/TLS\s0 client program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_client\fR +[\fB\-connect\fR host:port>] +[\fB\-verify depth\fR] +[\fB\-cert filename\fR] +[\fB\-key filename\fR] +[\fB\-CApath directory\fR] +[\fB\-CAfile filename\fR] +[\fB\-reconnect\fR] +[\fB\-pause\fR] +[\fB\-showcerts\fR] +[\fB\-debug\fR] +[\fB\-nbio_test\fR] +[\fB\-state\fR] +[\fB\-nbio\fR] +[\fB\-crlf\fR] +[\fB\-ign_eof\fR] +[\fB\-quiet\fR] +[\fB\-ssl2\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-no_ssl2\fR] +[\fB\-no_ssl3\fR] +[\fB\-no_tls1\fR] +[\fB\-bugs\fR] +[\fB\-cipher cipherlist\fR] +[\fB\-rand \f(BIfile\fB\|(s)\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects +to a remote host using \s-1SSL/TLS\s0. It is a \fIvery\fR useful diagnostic tool for +\&\s-1SSL\s0 servers. +.SH "OPTIONS" +.IX Header "OPTIONS" +.Ip "\fB\-connect host:port\fR" 4 +.IX Item "-connect host:port" +This specifies the host and optional port to connect to. If not specified +then an attempt is made to connect to the local host on port 4433. +.Ip "\fB\-cert certname\fR" 4 +.IX Item "-cert certname" +The certificate to use, if one is requested by the server. The default is +not to use a certificate. +.Ip "\fB\-key keyfile\fR" 4 +.IX Item "-key keyfile" +The private key to use. If not specified then the certificate file will +be used. +.Ip "\fB\-verify depth\fR" 4 +.IX Item "-verify depth" +The verify depth to use. This specifies the maximum length of the +server certificate chain and turns on server certificate verification. +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. As a side effect the connection +will never fail due to a server certificate verify failure. +.Ip "\fB\-CApath directory\fR" 4 +.IX Item "-CApath directory" +The directory to use for server certificate verification. This directory +must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are +also used when building the client certificate chain. +.Ip "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A file containing trusted certificates to use during server authentication +and to use when attempting to build the client certificate chain. +.Ip "\fB\-reconnect\fR" 4 +.IX Item "-reconnect" +reconnects to the same server 5 times using the same session \s-1ID\s0, this can +be used as a test that session caching is working. +.Ip "\fB\-pause\fR" 4 +.IX Item "-pause" +pauses 1 second between each read and write call. +.Ip "\fB\-showcerts\fR" 4 +.IX Item "-showcerts" +display the whole server certificate chain: normally only the server +certificate itself is displayed. +.Ip "\fB\-prexit\fR" 4 +.IX Item "-prexit" +print session information when the program exits. This will always attempt +to print out information even if the connection fails. Normally information +will only be printed out once if the connection succeeds. This option is useful +because the cipher in use may be renegotiated or the connection may fail +because a client certificate is required or is requested only after an +attempt is made to access a certain \s-1URL\s0. Note: the output produced by this +option is not always accurate because a connection might never have been +established. +.Ip "\fB\-state\fR" 4 +.IX Item "-state" +prints out the \s-1SSL\s0 session states. +.Ip "\fB\-debug\fR" 4 +.IX Item "-debug" +print extensive debugging information including a hex dump of all traffic. +.Ip "\fB\-nbio_test\fR" 4 +.IX Item "-nbio_test" +tests non-blocking I/O +.Ip "\fB\-nbio\fR" 4 +.IX Item "-nbio" +turns on non-blocking I/O +.Ip "\fB\-crlf\fR" 4 +.IX Item "-crlf" +this option translated a line feed from the terminal into \s-1CR+LF\s0 as required +by some servers. +.Ip "\fB\-ign_eof\fR" 4 +.IX Item "-ign_eof" +inhibit shutting down the connection when end of file is reached in the +input. +.Ip "\fB\-quiet\fR" 4 +.IX Item "-quiet" +inhibit printing of session and certificate information. This implicitely +turns on \fB\-ign_eof\fR as well. +.Ip "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR" 4 +.IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1" +these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default +the initial handshake uses a method which should be compatible with all +servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate. +.Sp +Unfortunately there are a lot of ancient and broken servers in use which +cannot handle this technique and will fail to connect. Some servers only +work if \s-1TLS\s0 is turned off with the \fB\-no_tls\fR option others will only +support \s-1SSL\s0 v2 and may need the \fB\-ssl2\fR option. +.Ip "\fB\-bugs\fR" 4 +.IX Item "-bugs" +there are several known bug in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.Ip "\fB\-cipher cipherlist\fR" 4 +.IX Item "-cipher cipherlist" +this allows the cipher list sent by the client to be modified. Although +the server determines which cipher suite is used it should take the first +supported cipher in the list sent by the client. See the \fBciphers\fR +command for more information. +.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 +.IX Item "-rand file" +a file or files containing random data used to seed the random number +generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). +Multiple files can be specified separated by a OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.SH "CONNECTED COMMANDS" +.IX Header "CONNECTED COMMANDS" +If a connection is established with an \s-1SSL\s0 server then any data received +from the server is displayed and any key presses will be sent to the +server. When used interactively (which means neither \fB\-quiet\fR nor \fB\-ign_eof\fR +have been given), the session will be renegociated if the line begins with an +\&\fBR\fR, and if the line begins with a \fBQ\fR or if end of file is reached, the +connection will be closed down. +.SH "NOTES" +.IX Header "NOTES" +\&\fBs_client\fR can be used to debug \s-1SSL\s0 servers. To connect to an \s-1SSL\s0 \s-1HTTP\s0 +server the command: +.PP +.Vb 1 +\& openssl s_client -connect servername:443 +.Ve +would typically be used (https uses port 443). If the connection succeeds +then an \s-1HTTP\s0 command can be given such as \*(L"\s-1GET\s0 /\*(R" to retrieve a web page. +.PP +If the handshake fails then there are several possible causes, if it is +nothing obvious like no client certificate then the \fB\-bugs\fR, \fB\-ssl2\fR, +\&\fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR can be tried +in case it is a buggy server. In particular you should play with these +options \fBbefore\fR submitting a bug report to an OpenSSL mailing list. +.PP +A frequent problem when attempting to get client certificates working +is that a web client complains it has no certificates or gives an empty +list to choose from. This is normally because the server is not sending +the clients certificate authority in its \*(L"acceptable \s-1CA\s0 list\*(R" when it +requests a certificate. By using \fBs_client\fR the \s-1CA\s0 list can be viewed +and checked. However some servers only request client authentication +after a specific \s-1URL\s0 is requested. To obtain the list in this case it +is necessary to use the \fB\-prexit\fR command and send an \s-1HTTP\s0 request +for an appropriate page. +.PP +If a certificate is specified on the command line using the \fB\-cert\fR +option it will not be used unless the server specifically requests +a client certificate. Therefor merely including a client certificate +on the command line is no guarantee that the certificate works. +.PP +If there are problems verifying a server certificate then the +\&\fB\-showcerts\fR option can be used to show the whole chain. +.SH "BUGS" +.IX Header "BUGS" +Because this program has a lot of options and also because some of +the techniques used are rather old, the C source of s_client is rather +hard to read and not a model of how things should be done. A typical +\&\s-1SSL\s0 client program would be much simpler. +.PP +The \fB\-verify\fR option should really exit if the server verification +fails. +.PP +The \fB\-prexit\fR option is a bit of a hack. We should really report +information whenever a session is renegotiated. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +sess_id(1), s_server(1), ciphers(1) diff --git a/secure/lib/libcrypto/man/s_server.1 b/secure/lib/libcrypto/man/s_server.1 new file mode 100644 index 0000000..472e875 --- /dev/null +++ b/secure/lib/libcrypto/man/s_server.1 @@ -0,0 +1,366 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:14:57 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "S_SERVER 1" +.TH S_SERVER 1 "perl v5.6.1" "2001-07-19" "User Contributed Perl Documentation" +.UC +.SH "NAME" +s_server \- \s-1SSL/TLS\s0 server program +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBs_server\fR +[\fB\-accept port\fR] +[\fB\-context id\fR] +[\fB\-verify depth\fR] +[\fB\-Verify depth\fR] +[\fB\-cert filename\fR] +[\fB\-key keyfile\fR] +[\fB\-dcert filename\fR] +[\fB\-dkey keyfile\fR] +[\fB\-dhparam filename\fR] +[\fB\-nbio\fR] +[\fB\-nbio_test\fR] +[\fB\-crlf\fR] +[\fB\-debug\fR] +[\fB\-state\fR] +[\fB\-CApath directory\fR] +[\fB\-CAfile filename\fR] +[\fB\-nocert\fR] +[\fB\-cipher cipherlist\fR] +[\fB\-quiet\fR] +[\fB\-no_tmp_rsa\fR] +[\fB\-ssl2\fR] +[\fB\-ssl3\fR] +[\fB\-tls1\fR] +[\fB\-no_ssl2\fR] +[\fB\-no_ssl3\fR] +[\fB\-no_tls1\fR] +[\fB\-no_dhe\fR] +[\fB\-bugs\fR] +[\fB\-hack\fR] +[\fB\-www\fR] +[\fB\-WWW\fR] +[\fB\-rand \f(BIfile\fB\|(s)\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens +for connections on a given port using \s-1SSL/TLS\s0. +.SH "OPTIONS" +.IX Header "OPTIONS" +.Ip "\fB\-accept port\fR" 4 +.IX Item "-accept port" +the \s-1TCP\s0 port to listen on for connections. If not specified 4433 is used. +.Ip "\fB\-context id\fR" 4 +.IX Item "-context id" +sets the \s-1SSL\s0 context id. It can be given any string value. If this option +is not present a default value will be used. +.Ip "\fB\-cert certname\fR" 4 +.IX Item "-cert certname" +The certificate to use, most servers cipher suites require the use of a +certificate and some require a certificate with a certain public key type: +for example the \s-1DSS\s0 cipher suites require a certificate containing a \s-1DSS\s0 +(\s-1DSA\s0) key. If not specified then the filename \*(L"server.pem\*(R" will be used. +.Ip "\fB\-key keyfile\fR" 4 +.IX Item "-key keyfile" +The private key to use. If not specified then the certificate file will +be used. +.Ip "\fB\-dcert filename\fR, \fB\-dkey keyname\fR" 4 +.IX Item "-dcert filename, -dkey keyname" +specify an additional certificate and private key, these behave in the +same manner as the \fB\-cert\fR and \fB\-key\fR options except there is no default +if they are not specified (no additional certificate and key is used). As +noted above some cipher suites require a certificate containing a key of +a certain type. Some cipher suites need a certificate carrying an \s-1RSA\s0 key +and some a \s-1DSS\s0 (\s-1DSA\s0) key. By using \s-1RSA\s0 and \s-1DSS\s0 certificates and keys +a server can support clients which only support \s-1RSA\s0 or \s-1DSS\s0 cipher suites +by using an appropriate certificate. +.Ip "\fB\-nocert\fR" 4 +.IX Item "-nocert" +if this option is set then no certificate is used. This restricts the +cipher suites available to the anonymous ones (currently just anonymous +\&\s-1DH\s0). +.Ip "\fB\-dhparam filename\fR" 4 +.IX Item "-dhparam filename" +the \s-1DH\s0 parameter file to use. The ephemeral \s-1DH\s0 cipher suites generate keys +using a set of \s-1DH\s0 parameters. If not specified then an attempt is made to +load the parameters from the server certificate file. If this fails then +a static set of parameters hard coded into the s_server program will be used. +.Ip "\fB\-no_dhe\fR" 4 +.IX Item "-no_dhe" +if this option is set then no \s-1DH\s0 parameters will be loaded effectively +disabling the ephemeral \s-1DH\s0 cipher suites. +.Ip "\fB\-no_tmp_rsa\fR" 4 +.IX Item "-no_tmp_rsa" +certain export cipher suites sometimes use a temporary \s-1RSA\s0 key, this option +disables temporary \s-1RSA\s0 key generation. +.Ip "\fB\-verify depth\fR, \fB\-Verify depth\fR" 4 +.IX Item "-verify depth, -Verify depth" +The verify depth to use. This specifies the maximum length of the +client certificate chain and makes the server request a certificate from +the client. With the \fB\-verify\fR option a certificate is requested but the +client does not have to send one, with the \fB\-Verify\fR option the client +must supply a certificate or an error occurs. +.Ip "\fB\-CApath directory\fR" 4 +.IX Item "-CApath directory" +The directory to use for client certificate verification. This directory +must be in \*(L"hash format\*(R", see \fBverify\fR for more information. These are +also used when building the server certificate chain. +.Ip "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A file containing trusted certificates to use during client authentication +and to use when attempting to build the server certificate chain. The list +is also used in the list of acceptable client CAs passed to the client when +a certificate is requested. +.Ip "\fB\-state\fR" 4 +.IX Item "-state" +prints out the \s-1SSL\s0 session states. +.Ip "\fB\-debug\fR" 4 +.IX Item "-debug" +print extensive debugging information including a hex dump of all traffic. +.Ip "\fB\-nbio_test\fR" 4 +.IX Item "-nbio_test" +tests non blocking I/O +.Ip "\fB\-nbio\fR" 4 +.IX Item "-nbio" +turns on non blocking I/O +.Ip "\fB\-crlf\fR" 4 +.IX Item "-crlf" +this option translated a line feed from the terminal into \s-1CR+LF\s0. +.Ip "\fB\-quiet\fR" 4 +.IX Item "-quiet" +inhibit printing of session and certificate information. +.Ip "\fB\-ssl2\fR, \fB\-ssl3\fR, \fB\-tls1\fR, \fB\-no_ssl2\fR, \fB\-no_ssl3\fR, \fB\-no_tls1\fR" 4 +.IX Item "-ssl2, -ssl3, -tls1, -no_ssl2, -no_ssl3, -no_tls1" +these options disable the use of certain \s-1SSL\s0 or \s-1TLS\s0 protocols. By default +the initial handshake uses a method which should be compatible with all +servers and permit them to use \s-1SSL\s0 v3, \s-1SSL\s0 v2 or \s-1TLS\s0 as appropriate. +.Ip "\fB\-bugs\fR" 4 +.IX Item "-bugs" +there are several known bug in \s-1SSL\s0 and \s-1TLS\s0 implementations. Adding this +option enables various workarounds. +.Ip "\fB\-hack\fR" 4 +.IX Item "-hack" +this option enables a further workaround for some some early Netscape +\&\s-1SSL\s0 code (?). +.Ip "\fB\-cipher cipherlist\fR" 4 +.IX Item "-cipher cipherlist" +this allows the cipher list used by the server to be modified. When +the client sends a list of supported ciphers the first client cipher +also included in the server list is used. Because the client specifies +the preference order, the order of the server cipherlist irrelevant. See +the \fBciphers\fR command for more information. +.Ip "\fB\-www\fR" 4 +.IX Item "-www" +sends a status message back to the client when it connects. This includes +lots of information about the ciphers used and various session parameters. +The output is in \s-1HTML\s0 format so this option will normally be used with a +web browser. +.Ip "\fB\-WWW\fR" 4 +.IX Item "-WWW" +emulates a simple web server. Pages will be resolved relative to the +current directory, for example if the \s-1URL\s0 https://myhost/page.html is +requested the file ./page.html will be loaded. +.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 +.IX Item "-rand file" +a file or files containing random data used to seed the random number +generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). +Multiple files can be specified separated by a OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.SH "CONNECTED COMMANDS" +.IX Header "CONNECTED COMMANDS" +If a connection request is established with an \s-1SSL\s0 client and neither the +\&\fB\-www\fR nor the \fB\-WWW\fR option has been used then normally any data received +from the client is displayed and any key presses will be sent to the client. +.PP +Certain single letter commands are also recognized which perform special +operations: these are listed below. +.Ip "\fBq\fR" 4 +.IX Item "q" +end the current \s-1SSL\s0 connection but still accept new connections. +.Ip "\fBQ\fR" 4 +.IX Item "Q" +end the current \s-1SSL\s0 connection and exit. +.Ip "\fBr\fR" 4 +.IX Item "r" +renegotiate the \s-1SSL\s0 session. +.Ip "\fBR\fR" 4 +.IX Item "R" +renegotiate the \s-1SSL\s0 session and request a client certificate. +.Ip "\fBP\fR" 4 +.IX Item "P" +send some plain text down the underlying \s-1TCP\s0 connection: this should +cause the client to disconnect due to a protocol violation. +.Ip "\fBS\fR" 4 +.IX Item "S" +print out some session cache status information. +.SH "NOTES" +.IX Header "NOTES" +\&\fBs_server\fR can be used to debug \s-1SSL\s0 clients. To accept connections from +a web browser the command: +.PP +.Vb 1 +\& openssl s_server -accept 443 -www +.Ve +can be used for example. +.PP +Most web browsers (in particular Netscape and \s-1MSIE\s0) only support \s-1RSA\s0 cipher +suites, so they cannot connect to servers which don't use a certificate +carrying an \s-1RSA\s0 key or a version of OpenSSL with \s-1RSA\s0 disabled. +.PP +Although specifying an empty list of CAs when requesting a client certificate +is strictly speaking a protocol violation, some \s-1SSL\s0 clients interpret this to +mean any \s-1CA\s0 is acceptable. This is useful for debugging purposes. +.PP +The session parameters can printed out using the \fBsess_id\fR program. +.SH "BUGS" +.IX Header "BUGS" +Because this program has a lot of options and also because some of +the techniques used are rather old, the C source of s_server is rather +hard to read and not a model of how things should be done. A typical +\&\s-1SSL\s0 server program would be much simpler. +.PP +The output of common ciphers is wrong: it just gives the list of ciphers that +OpenSSL recognizes and the client supports. +.PP +There should be a way for the \fBs_server\fR program to print out details of any +unknown cipher suites a client says it supports. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +sess_id(1), s_client(1), ciphers(1) diff --git a/secure/lib/libcrypto/man/sess_id.1 b/secure/lib/libcrypto/man/sess_id.1 new file mode 100644 index 0000000..ef7771c --- /dev/null +++ b/secure/lib/libcrypto/man/sess_id.1 @@ -0,0 +1,258 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:01 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SESS_ID 1" +.TH SESS_ID 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +sess_id \- \s-1SSL/TLS\s0 session handling utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBsess_id\fR +[\fB\-inform PEM|DER\fR] +[\fB\-outform PEM|DER\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-text\fR] +[\fB\-noout\fR] +[\fB\-context \s-1ID\s0\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBsess_id\fR process the encoded version of the \s-1SSL\s0 session structure +and optionally prints out \s-1SSL\s0 session details (for example the \s-1SSL\s0 session +master key) in human readable format. Since this is a diagnostic tool that +needs some knowledge of the \s-1SSL\s0 protocol to use properly, most users will +not need to use it. +.Ip "\fB\-inform DER|PEM\fR" 4 +.IX Item "-inform DER|PEM" +This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded +format containing session details. The precise format can vary from one version +to the next. The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s0\fR +format base64 encoded with additional header and footer lines. +.Ip "\fB\-outform DER|PEM\fR" 4 +.IX Item "-outform DER|PEM" +This specifies the output format, the options have the same meaning as the +\&\fB\-inform\fR option. +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read session information from or standard +input by default. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write session information to or standard +output if this option is not specified. +.Ip "\fB\-text\fR" 4 +.IX Item "-text" +prints out the various public or private key components in +plain text in addition to the encoded version. +.Ip "\fB\-cert\fR" 4 +.IX Item "-cert" +if a certificate is present in the session it will be output using this option, +if the \fB\-text\fR option is also present then it will be printed out in text form. +.Ip "\fB\-noout\fR" 4 +.IX Item "-noout" +this option prevents output of the encoded version of the session. +.Ip "\fB\-context \s-1ID\s0\fR" 4 +.IX Item "-context ID" +this option can set the session id so the output session information uses the +supplied \s-1ID\s0. The \s-1ID\s0 can be any string of characters. This option wont normally +be used. +.SH "OUTPUT" +.IX Header "OUTPUT" +Typical output: +.PP +.Vb 10 +\& SSL-Session: +\& Protocol : TLSv1 +\& Cipher : 0016 +\& Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED +\& Session-ID-ctx: 01000000 +\& Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD +\& Key-Arg : None +\& Start Time: 948459261 +\& Timeout : 300 (sec) +\& Verify return code 0 (ok) +.Ve +Theses are described below in more detail. +.Ip "\fBProtocol\fR" 4 +.IX Item "Protocol" +this is the protocol in use TLSv1, SSLv3 or SSLv2. +.Ip "\fBCipher\fR" 4 +.IX Item "Cipher" +the cipher used this is the actual raw \s-1SSL\s0 or \s-1TLS\s0 cipher code, see the \s-1SSL\s0 +or \s-1TLS\s0 specifications for more information. +.Ip "\fBSession-ID\fR" 4 +.IX Item "Session-ID" +the \s-1SSL\s0 session \s-1ID\s0 in hex format. +.Ip "\fBSession-ID-ctx\fR" 4 +.IX Item "Session-ID-ctx" +the session \s-1ID\s0 context in hex format. +.Ip "\fBMaster-Key\fR" 4 +.IX Item "Master-Key" +this is the \s-1SSL\s0 session master key. +.Ip "\fBKey-Arg\fR" 4 +.IX Item "Key-Arg" +the key argument, this is only used in \s-1SSL\s0 v2. +.Ip "\fBStart Time\fR" 4 +.IX Item "Start Time" +this is the session start time represented as an integer in standard Unix format. +.Ip "\fBTimeout\fR" 4 +.IX Item "Timeout" +the timeout in seconds. +.Ip "\fBVerify return code\fR" 4 +.IX Item "Verify return code" +this is the return code when an \s-1SSL\s0 client certificate is verified. +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 encoded session format uses the header and footer lines: +.PP +.Vb 2 +\& -----BEGIN SSL SESSION PARAMETERS----- +\& -----END SSL SESSION PARAMETERS----- +.Ve +Since the \s-1SSL\s0 session output contains the master key it is possible to read the contents +of an encrypted session using this information. Therefore appropriate security precautions +should be taken if the information is being output by a \*(L"real\*(R" application. This is +however strongly discouraged and should only be used for debugging purposes. +.SH "BUGS" +.IX Header "BUGS" +The cipher and start time should be printed out in human readable form. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ciphers(1), s_server(1) diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3 new file mode 100644 index 0000000..62006ab --- /dev/null +++ b/secure/lib/libcrypto/man/sha.3 @@ -0,0 +1,205 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:43 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SHA 1" +.TH SHA 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +\&\s-1SHA1\s0, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/sha.h> +.Ve +.Vb 2 +\& unsigned char *SHA1(const unsigned char *d, unsigned long n, +\& unsigned char *md); +.Ve +.Vb 4 +\& void SHA1_Init(SHA_CTX *c); +\& void SHA1_Update(SHA_CTX *c, const void *data, +\& unsigned long len); +\& void SHA1_Final(unsigned char *md, SHA_CTX *c); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\s-1SHA-1\s0 (Secure Hash Algorithm) is a cryptographic hash function with a +160 bit output. +.PP +\&\fISHA1()\fR computes the \s-1SHA-1\s0 message digest of the \fBn\fR +bytes at \fBd\fR and places it in \fBmd\fR (which must have space for +\&\s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output). If \fBmd\fR is \s-1NULL\s0, the digest +is placed in a static array. +.PP +The following functions may be used if the message is not completely +stored in memory: +.PP +\&\fISHA1_Init()\fR initializes a \fB\s-1SHA_CTX\s0\fR structure. +.PP +\&\fISHA1_Update()\fR can be called repeatedly with chunks of the message to +be hashed (\fBlen\fR bytes at \fBdata\fR). +.PP +\&\fISHA1_Final()\fR places the message digest in \fBmd\fR, which must have space +for \s-1SHA_DIGEST_LENGTH\s0 == 20 bytes of output, and erases the \fB\s-1SHA_CTX\s0\fR. +.PP +Applications should use the higher level functions +EVP_DigestInit(3) +etc. instead of calling the hash functions directly. +.PP +The predecessor of \s-1SHA-1\s0, \s-1SHA\s0, is also implemented, but it should be +used only when backward compatibility is required. +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fISHA1()\fR returns a pointer to the hash value. +.PP +\&\fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR do not return values. +.SH "CONFORMING TO" +.IX Header "CONFORMING TO" +\&\s-1SHA:\s0 \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180 (Secure Hash +Standard), +\&\s-1SHA-1:\s0 \s-1US\s0 Federal Information Processing Standard \s-1FIPS\s0 \s-1PUB\s0 180\-1 (Secure Hash +Standard), +\&\s-1ANSI\s0 X9.30 +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ripemd(3), hmac(3), EVP_DigestInit(3) +.SH "HISTORY" +.IX Header "HISTORY" +\&\fISHA1()\fR, \fISHA1_Init()\fR, \fISHA1_Update()\fR and \fISHA1_Final()\fR are available in all +versions of SSLeay and OpenSSL. diff --git a/secure/lib/libcrypto/man/smime.1 b/secure/lib/libcrypto/man/smime.1 new file mode 100644 index 0000000..be9ac2f --- /dev/null +++ b/secure/lib/libcrypto/man/smime.1 @@ -0,0 +1,474 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:03 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SMIME 1" +.TH SMIME 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +smime \- S/MIME utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBsmime\fR +[\fB\-encrypt\fR] +[\fB\-decrypt\fR] +[\fB\-sign\fR] +[\fB\-verify\fR] +[\fB\-pk7out\fR] +[\fB\-des\fR] +[\fB\-des3\fR] +[\fB\-rc2\-40\fR] +[\fB\-rc2\-64\fR] +[\fB\-rc2\-128\fR] +[\fB\-in file\fR] +[\fB\-certfile file\fR] +[\fB\-signer file\fR] +[\fB\-recip file\fR] +[\fB\-in file\fR] +[\fB\-inform SMIME|PEM|DER\fR] +[\fB\-passin arg\fR] +[\fB\-inkey file\fR] +[\fB\-out file\fR] +[\fB\-outform SMIME|PEM|DER\fR] +[\fB\-content file\fR] +[\fB\-to addr\fR] +[\fB\-from ad\fR] +[\fB\-subject s\fR] +[\fB\-text\fR] +[\fB\-rand \f(BIfile\fB\|(s)\fR] +[cert.pem]... +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBsmime\fR command handles S/MIME mail. It can encrypt, decrypt, sign and +verify S/MIME messages. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +There are five operation options that set the type of operation to be performed. +The meaning of the other options varies according to the operation type. +.Ip "\fB\-encrypt\fR" 4 +.IX Item "-encrypt" +encrypt mail for the given recipient certificates. Input file is the message +to be encrypted. The output file is the encrypted mail in \s-1MIME\s0 format. +.Ip "\fB\-decrypt\fR" 4 +.IX Item "-decrypt" +decrypt mail using the supplied certificate and private key. Expects an +encrypted mail message in \s-1MIME\s0 format for the input file. The decrypted mail +is written to the output file. +.Ip "\fB\-sign\fR" 4 +.IX Item "-sign" +sign mail using the supplied certificate and private key. Input file is +the message to be signed. The signed message in \s-1MIME\s0 format is written +to the output file. +.Ip "\fB\-verify\fR" 4 +.IX Item "-verify" +verify signed mail. Expects a signed mail message on input and outputs +the signed data. Both clear text and opaque signing is supported. +.Ip "\fB\-pk7out\fR" 4 +.IX Item "-pk7out" +takes an input message and writes out a \s-1PEM\s0 encoded PKCS#7 structure. +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +the input message to be encrypted or signed or the \s-1MIME\s0 message to +be decrypted or verified. +.Ip "\fB\-inform SMIME|PEM|DER\fR" 4 +.IX Item "-inform SMIME|PEM|DER" +this specifies the input format for the PKCS#7 structure. The default +is \fB\s-1SMIME\s0\fR which reads an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR +format change this to expect \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures +instead. This currently only affects the input format of the PKCS#7 +structure, if no PKCS#7 structure is being input (for example with +\&\fB\-encrypt\fR or \fB\-sign\fR) this option has no effect. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +the message text that has been decrypted or verified or the output \s-1MIME\s0 +format message that has been signed or verified. +.Ip "\fB\-outform SMIME|PEM|DER\fR" 4 +.IX Item "-outform SMIME|PEM|DER" +this specifies the output format for the PKCS#7 structure. The default +is \fB\s-1SMIME\s0\fR which write an S/MIME format message. \fB\s-1PEM\s0\fR and \fB\s-1DER\s0\fR +format change this to write \s-1PEM\s0 and \s-1DER\s0 format PKCS#7 structures +instead. This currently only affects the output format of the PKCS#7 +structure, if no PKCS#7 structure is being output (for example with +\&\fB\-verify\fR or \fB\-decrypt\fR) this option has no effect. +.Ip "\fB\-content filename\fR" 4 +.IX Item "-content filename" +This specifies a file containing the detached content, this is only +useful with the \fB\-verify\fR command. This is only usable if the PKCS#7 +structure is using the detached signature form where the content is +not included. This option will override any content if the input format +is S/MIME and it uses the multipart/signed \s-1MIME\s0 content type. +.Ip "\fB\-text\fR" 4 +.IX Item "-text" +this option adds plain text (text/plain) \s-1MIME\s0 headers to the supplied +message if encrypting or signing. If decrypting or verifying it strips +off text headers: if the decrypted or verified message is not of \s-1MIME\s0 +type text/plain then an error occurs. +.Ip "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +a file containing trusted \s-1CA\s0 certificates, only used with \fB\-verify\fR. +.Ip "\fB\-CApath dir\fR" 4 +.IX Item "-CApath dir" +a directory containing trusted \s-1CA\s0 certificates, only used with +\&\fB\-verify\fR. This directory must be a standard certificate directory: that +is a hash of each subject name (using \fBx509 \-hash\fR) should be linked +to each certificate. +.Ip "\fB\-des \-des3 \-rc2\-40 \-rc2\-64 \-rc2\-128\fR" 4 +.IX Item "-des -des3 -rc2-40 -rc2-64 -rc2-128" +the encryption algorithm to use. \s-1DES\s0 (56 bits), triple \s-1DES\s0 (168 bits) +or 40, 64 or 128 bit \s-1RC2\s0 respectively if not specified 40 bit \s-1RC2\s0 is +used. Only used with \fB\-encrypt\fR. +.Ip "\fB\-nointern\fR" 4 +.IX Item "-nointern" +when verifying a message normally certificates (if any) included in +the message are searched for the signing certificate. With this option +only the certificates specified in the \fB\-certfile\fR option are used. +The supplied certificates can still be used as untrusted CAs however. +.Ip "\fB\-noverify\fR" 4 +.IX Item "-noverify" +do not verify the signers certificate of a signed message. +.Ip "\fB\-nochain\fR" 4 +.IX Item "-nochain" +do not do chain verification of signers certificates: that is don't +use the certificates in the signed message as untrusted CAs. +.Ip "\fB\-nosigs\fR" 4 +.IX Item "-nosigs" +don't try to verify the signatures on the message. +.Ip "\fB\-nocerts\fR" 4 +.IX Item "-nocerts" +when signing a message the signer's certificate is normally included +with this option it is excluded. This will reduce the size of the +signed message but the verifier must have a copy of the signers certificate +available locally (passed using the \fB\-certfile\fR option for example). +.Ip "\fB\-noattr\fR" 4 +.IX Item "-noattr" +normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. With this +option they are not included. +.Ip "\fB\-binary\fR" 4 +.IX Item "-binary" +normally the input message is converted to \*(L"canonical\*(R" format which is +effectively using \s-1CR\s0 and \s-1LF\s0 as end of line: as required by the S/MIME +specification. When this option is present no translation occurs. This +is useful when handling binary data which may not be in \s-1MIME\s0 format. +.Ip "\fB\-nodetach\fR" 4 +.IX Item "-nodetach" +when signing a message use opaque signing: this form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. Without this option cleartext signing with +the \s-1MIME\s0 type multipart/signed is used. +.Ip "\fB\-certfile file\fR" 4 +.IX Item "-certfile file" +allows additional certificates to be specified. When signing these will +be included with the message. When verifying these will be searched for +the signers certificates. The certificates should be in \s-1PEM\s0 format. +.Ip "\fB\-signer file\fR" 4 +.IX Item "-signer file" +the signers certificate when signing a message. If a message is +being verified then the signers certificates will be written to this +file if the verification was successful. +.Ip "\fB\-recip file\fR" 4 +.IX Item "-recip file" +the recipients certificate when decrypting a message. This certificate +must match one of the recipients of the message or an error occurs. +.Ip "\fB\-inkey file\fR" 4 +.IX Item "-inkey file" +the private key to use when signing or decrypting. This must match the +corresponding certificate. If this option is not specified then the +private key must be included in the certificate file specified with +the \fB\-recip\fR or \fB\-signer\fR file. +.Ip "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +the private key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). +.Ip "\fB\-rand \f(BIfile\fB\|(s)\fR" 4 +.IX Item "-rand file" +a file or files containing random data used to seed the random number +generator, or an \s-1EGD\s0 socket (see RAND_egd(3)). +Multiple files can be specified separated by a OS-dependent character. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. +.Ip "\fBcert.pem...\fR" 4 +.IX Item "cert.pem..." +one or more certificates of message recipients: used when encrypting +a message. +.Ip "\fB\-to, \-from, \-subject\fR" 4 +.IX Item "-to, -from, -subject" +the relevant mail headers. These are included outside the signed +portion of a message so they may be included manually. If signing +then many S/MIME mail clients check the signers certificate's email +address matches that specified in the From: address. +.SH "NOTES" +.IX Header "NOTES" +The \s-1MIME\s0 message must be sent without any blank lines between the +headers and the output. Some mail programs will automatically add +a blank line. Piping the mail directly to sendmail is one way to +achieve the correct format. +.PP +The supplied message to be signed or encrypted must include the +necessary \s-1MIME\s0 headers or many S/MIME clients wont display it +properly (if at all). You can use the \fB\-text\fR option to automatically +add plain text headers. +.PP +A \*(L"signed and encrypted\*(R" message is one where a signed message is +then encrypted. This can be produced by encrypting an already signed +message: see the examples section. +.PP +This version of the program only allows one signer per message but it +will verify multiple signers on received messages. Some S/MIME clients +choke if a message contains multiple signers. It is possible to sign +messages \*(L"in parallel\*(R" by signing an already signed message. +.PP +The options \fB\-encrypt\fR and \fB\-decrypt\fR reflect common usage in S/MIME +clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7 +encrypted data is used for other purposes. +.SH "EXIT CODES" +.IX Header "EXIT CODES" +.Ip "0" 4 +the operation was completely successfully. +.Ip "1" 4 +.IX Item "1" +an error occurred parsing the command options. +.Ip "2" 4 +.IX Item "2" +one of the input files could not be read. +.Ip "3" 4 +.IX Item "3" +an error occurred creating the PKCS#7 file or when reading the \s-1MIME\s0 +message. +.Ip "4" 4 +.IX Item "4" +an error occurred decrypting or verifying the message. +.Ip "5" 4 +.IX Item "5" +the message was verified correctly but an error occurred writing out +the signers certificates. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Create a cleartext signed message: +.PP +.Vb 2 +\& openssl smime -sign -in message.txt -text -out mail.msg \e +\& -signer mycert.pem +.Ve +Create and opaque signed message +.PP +.Vb 2 +\& openssl smime -sign -in message.txt -text -out mail.msg -nodetach \e +\& -signer mycert.pem +.Ve +Create a signed message, include some additional certificates and +read the private key from another file: +.PP +.Vb 2 +\& openssl smime -sign -in in.txt -text -out mail.msg \e +\& -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem +.Ve +Send a signed message under Unix directly to sendmail, including headers: +.PP +.Vb 3 +\& openssl smime -sign -in in.txt -text -signer mycert.pem \e +\& -from steve@openssl.org -to someone@somewhere \e +\& -subject "Signed message" | sendmail someone@somewhere +.Ve +Verify a message and extract the signer's certificate if successful: +.PP +.Vb 1 +\& openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt +.Ve +Send encrypted mail using triple \s-1DES:\s0 +.PP +.Vb 3 +\& openssl smime -encrypt -in in.txt -from steve@openssl.org \e +\& -to someone@somewhere -subject "Encrypted message" \e +\& -des3 user.pem -out mail.msg +.Ve +Sign and encrypt mail: +.PP +.Vb 4 +\& openssl smime -sign -in ml.txt -signer my.pem -text \e +\& | openssl smime -encrypt -out mail.msg \e +\& -from steve@openssl.org -to someone@somewhere \e +\& -subject "Signed and Encrypted message" -des3 user.pem +.Ve +Note: the encryption command does not include the \fB\-text\fR option because the message +being encrypted already has \s-1MIME\s0 headers. +.PP +Decrypt mail: +.PP +.Vb 1 +\& openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem +.Ve +The output from Netscape form signing is a PKCS#7 structure with the +detached signature format. You can use this program to verify the +signature by line wrapping the base64 encoded structure and surrounding +it with: +.PP +.Vb 2 +\& -----BEGIN PKCS7---- +\& -----END PKCS7---- +.Ve +and using the command, +.PP +.Vb 1 +\& openssl smime -verify -inform PEM -in signature.pem -content content.txt +.Ve +alternatively you can base64 decode the signature and use +.PP +.Vb 1 +\& openssl smime -verify -inform DER -in signature.der -content content.txt +.Ve +.SH "BUGS" +.IX Header "BUGS" +The \s-1MIME\s0 parser isn't very clever: it seems to handle most messages that I've thrown +at it but it may choke on others. +.PP +The code currently will only write out the signer's certificate to a file: if the +signer has a separate encryption certificate this must be manually extracted. There +should be some heuristic that determines the correct encryption certificate. +.PP +Ideally a database should be maintained of a certificates for each email address. +.PP +The code doesn't currently take note of the permitted symmetric encryption +algorithms as supplied in the SMIMECapabilities signed attribute. this means the +user has to manually include the correct encryption algorithm. It should store +the list of permitted ciphers in a database and only use those. +.PP +No revocation checking is done on the signer's certificate. +.PP +The current code can only handle S/MIME v2 messages, the more complex S/MIME v3 +structures may cause parsing errors. diff --git a/secure/lib/libcrypto/man/speed.1 b/secure/lib/libcrypto/man/speed.1 new file mode 100644 index 0000000..0e13290 --- /dev/null +++ b/secure/lib/libcrypto/man/speed.1 @@ -0,0 +1,179 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:07 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SPEED 1" +.TH SPEED 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +speed \- test library performance +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl speed\fR +[\fBmd2\fR] +[\fBmdc2\fR] +[\fBmd5\fR] +[\fBhmac\fR] +[\fBsha1\fR] +[\fBrmd160\fR] +[\fBidea-cbc\fR] +[\fBrc2\-cbc\fR] +[\fBrc5\-cbc\fR] +[\fBbf-cbc\fR] +[\fBdes-cbc\fR] +[\fBdes-ede3\fR] +[\fBrc4\fR] +[\fBrsa512\fR] +[\fBrsa1024\fR] +[\fBrsa2048\fR] +[\fBrsa4096\fR] +[\fBdsa512\fR] +[\fBdsa1024\fR] +[\fBdsa2048\fR] +[\fBidea\fR] +[\fBrc2\fR] +[\fBdes\fR] +[\fBrsa\fR] +[\fBblowfish\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to test the performance of cryptographic algorithms. +.SH "OPTIONS" +.IX Header "OPTIONS" +If any options are given, \fBspeed\fR tests those algorithms, otherwise all of +the above are tested. diff --git a/secure/lib/libcrypto/man/spkac.1 b/secure/lib/libcrypto/man/spkac.1 new file mode 100644 index 0000000..e98b3b3 --- /dev/null +++ b/secure/lib/libcrypto/man/spkac.1 @@ -0,0 +1,248 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:09 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SPKAC 1" +.TH SPKAC 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +spkac \- \s-1SPKAC\s0 printing and generating utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBspkac\fR +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-key keyfile\fR] +[\fB\-passin arg\fR] +[\fB\-challenge string\fR] +[\fB\-pubkey\fR] +[\fB\-spkac spkacname\fR] +[\fB\-spksect section\fR] +[\fB\-noout\fR] +[\fB\-verify\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBspkac\fR command processes Netscape signed public key and challenge +(\s-1SPKAC\s0) files. It can print out their contents, verify the signature and +produce its own SPKACs from a supplied private key. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read from or standard input if this +option is not specified. Ignored if the \fB\-key\fR option is used. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +specifies the output filename to write to or standard output by +default. +.Ip "\fB\-key keyfile\fR" 4 +.IX Item "-key keyfile" +create an \s-1SPKAC\s0 file using the private key in \fBkeyfile\fR. The +\&\fB\-in\fR, \fB\-noout\fR, \fB\-spksect\fR and \fB\-verify\fR options are ignored if +present. +.Ip "\fB\-passin password\fR" 4 +.IX Item "-passin password" +the input file password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). +.Ip "\fB\-challenge string\fR" 4 +.IX Item "-challenge string" +specifies the challenge string if an \s-1SPKAC\s0 is being created. +.Ip "\fB\-spkac spkacname\fR" 4 +.IX Item "-spkac spkacname" +allows an alternative name form the variable containing the +\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". This option affects both +generated and input \s-1SPKAC\s0 files. +.Ip "\fB\-spksect section\fR" 4 +.IX Item "-spksect section" +allows an alternative name form the section containing the +\&\s-1SPKAC\s0. The default is the default section. +.Ip "\fB\-noout\fR" 4 +.IX Item "-noout" +don't output the text version of the \s-1SPKAC\s0 (not used if an +\&\s-1SPKAC\s0 is being created). +.Ip "\fB\-pubkey\fR" 4 +.IX Item "-pubkey" +output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is +being created). +.Ip "\fB\-verify\fR" 4 +.IX Item "-verify" +verifies the digital signature on the supplied \s-1SPKAC\s0. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Print out the contents of an \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl spkac -in spkac.cnf +.Ve +Verify the signature of an \s-1SPKAC:\s0 +.PP +.Vb 1 +\& openssl spkac -in spkac.cnf -noout -verify +.Ve +Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R": +.PP +.Vb 1 +\& openssl spkac -key key.pem -challenge hello -out spkac.cnf +.Ve +Example of an \s-1SPKAC\s0, (long lines split up for clarity): +.PP +.Vb 5 +\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e +\& PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e +\& PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e +\& 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e +\& 4= +.Ve +.SH "NOTES" +.IX Header "NOTES" +A created \s-1SPKAC\s0 with suitable \s-1DN\s0 components appended can be fed into +the \fBca\fR utility. +.PP +SPKACs are typically generated by Netscape when a form is submitted +containing the \fB\s-1KEYGEN\s0\fR tag as part of the certificate enrollment +process. +.PP +The challenge string permits a primitive form of proof of possession +of private key. By checking the \s-1SPKAC\s0 signature and a random challenge +string some guarantee is given that the user knows the private key +corresponding to the public key being certified. This is important in +some applications. Without this it is possible for a previous \s-1SPKAC\s0 +to be used in a \*(L"replay attack\*(R". +.SH "SEE ALSO" +.IX Header "SEE ALSO" +ca(1) diff --git a/secure/lib/libcrypto/man/ssl.3 b/secure/lib/libcrypto/man/ssl.3 new file mode 100644 index 0000000..27974c2 --- /dev/null +++ b/secure/lib/libcrypto/man/ssl.3 @@ -0,0 +1,801 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:21:50 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "SSL 1" +.TH SSL 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +\&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The OpenSSL \fBssl\fR library implements the Secure Sockets Layer (\s-1SSL\s0 v2/v3) and +Transport Layer Security (\s-1TLS\s0 v1) protocols. It provides a rich \s-1API\s0 which is +documented here. +.PP +At first the library must be initialized; see +SSL_library_init(3). +.PP +Then an \fB\s-1SSL_CTX\s0\fR object is created as a framework to establish +\&\s-1TLS/SSL\s0 enabled connections (see SSL_CTX_new(3)). +Various options regarding certificates, algorithms etc. can be set +in this object. +.PP +When a network connection has been created, it can be assigned to an +\&\fB\s-1SSL\s0\fR object. After the \fB\s-1SSL\s0\fR object has been created using +SSL_new(3), SSL_set_fd(3) or +SSL_set_bio(3) can be used to associate the network +connection with the object. +.PP +Then the \s-1TLS/SSL\s0 handshake is performed using +SSL_accept(3) or SSL_connect(3) +respectively. +SSL_read(3) and SSL_write(3) are used +to read and write data on the \s-1TLS/SSL\s0 connection. +SSL_shutdown(3) can be used to shut down the +\&\s-1TLS/SSL\s0 connection. +.SH "DATA STRUCTURES" +.IX Header "DATA STRUCTURES" +Currently the OpenSSL \fBssl\fR library functions deals with the following data +structures: +.Ip "\fB\s-1SSL_METHOD\s0\fR (\s-1SSL\s0 Method)" 4 +.IX Item "SSL_METHOD (SSL Method)" +That's a dispatch structure describing the internal \fBssl\fR library +methods/functions which implement the various protocol versions (SSLv1, SSLv2 +and TLSv1). It's needed to create an \fB\s-1SSL_CTX\s0\fR. +.Ip "\fB\s-1SSL_CIPHER\s0\fR (\s-1SSL\s0 Cipher)" 4 +.IX Item "SSL_CIPHER (SSL Cipher)" +This structure holds the algorithm information for a particular cipher which +are a core part of the \s-1SSL/TLS\s0 protocol. The available ciphers are configured +on a \fB\s-1SSL_CTX\s0\fR basis and the actually used ones are then part of the +\&\fB\s-1SSL_SESSION\s0\fR. +.Ip "\fB\s-1SSL_CTX\s0\fR (\s-1SSL\s0 Context)" 4 +.IX Item "SSL_CTX (SSL Context)" +That's the global context structure which is created by a server or client +once per program life-time and which holds mainly default values for the +\&\fB\s-1SSL\s0\fR structures which are later created for the connections. +.Ip "\fB\s-1SSL_SESSION\s0\fR (\s-1SSL\s0 Session)" 4 +.IX Item "SSL_SESSION (SSL Session)" +This is a structure containing the current \s-1TLS/SSL\s0 session details for a +connection: \fB\s-1SSL_CIPHER\s0\fRs, client and server certificates, keys, etc. +.Ip "\fB\s-1SSL\s0\fR (\s-1SSL\s0 Connection)" 4 +.IX Item "SSL (SSL Connection)" +That's the main \s-1SSL/TLS\s0 structure which is created by a server or client per +established connection. This actually is the core structure in the \s-1SSL\s0 \s-1API\s0. +Under run-time the application usually deals with this structure which has +links to mostly all other structures. +.SH "HEADER FILES" +.IX Header "HEADER FILES" +Currently the OpenSSL \fBssl\fR library provides the following C header files +containing the prototypes for the data structures and and functions: +.Ip "\fBssl.h\fR" 4 +.IX Item "ssl.h" +That's the common header file for the \s-1SSL/TLS\s0 \s-1API\s0. Include it into your +program to make the \s-1API\s0 of the \fBssl\fR library available. It internally +includes both more private \s-1SSL\s0 headers and headers from the \fBcrypto\fR library. +Whenever you need hard-core details on the internals of the \s-1SSL\s0 \s-1API\s0, look +inside this header file. +.Ip "\fBssl2.h\fR" 4 +.IX Item "ssl2.h" +That's the sub header file dealing with the SSLv2 protocol only. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.Ip "\fBssl3.h\fR" 4 +.IX Item "ssl3.h" +That's the sub header file dealing with the SSLv3 protocol only. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.Ip "\fBssl23.h\fR" 4 +.IX Item "ssl23.h" +That's the sub header file dealing with the combined use of the SSLv2 and +SSLv3 protocols. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.Ip "\fBtls1.h\fR" 4 +.IX Item "tls1.h" +That's the sub header file dealing with the TLSv1 protocol only. +\&\fIUsually you don't have to include it explicitly because +it's already included by ssl.h\fR. +.SH "API FUNCTIONS" +.IX Header "API FUNCTIONS" +Currently the OpenSSL \fBssl\fR library exports 214 \s-1API\s0 functions. +They are documented in the following: +.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1METHODS\s0" +.IX Subsection "DEALING WITH PROTOCOL METHODS" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +protocol methods defined in \fB\s-1SSL_METHOD\s0\fR structures. +.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_client_method\fR(void);" 4 +.IX Item "SSL_METHOD *SSLv2_client_method(void);" +Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated client. +.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_server_method\fR(void);" 4 +.IX Item "SSL_METHOD *SSLv2_server_method(void);" +Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for a dedicated server. +.Ip "\s-1SSL_METHOD\s0 *\fBSSLv2_method\fR(void);" 4 +.IX Item "SSL_METHOD *SSLv2_method(void);" +Constructor for the SSLv2 \s-1SSL_METHOD\s0 structure for combined client and server. +.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_client_method\fR(void);" 4 +.IX Item "SSL_METHOD *SSLv3_client_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated client. +.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_server_method\fR(void);" 4 +.IX Item "SSL_METHOD *SSLv3_server_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for a dedicated server. +.Ip "\s-1SSL_METHOD\s0 *\fBSSLv3_method\fR(void);" 4 +.IX Item "SSL_METHOD *SSLv3_method(void);" +Constructor for the SSLv3 \s-1SSL_METHOD\s0 structure for combined client and server. +.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_client_method\fR(void);" 4 +.IX Item "SSL_METHOD *TLSv1_client_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated client. +.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_server_method\fR(void);" 4 +.IX Item "SSL_METHOD *TLSv1_server_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for a dedicated server. +.Ip "\s-1SSL_METHOD\s0 *\fBTLSv1_method\fR(void);" 4 +.IX Item "SSL_METHOD *TLSv1_method(void);" +Constructor for the TLSv1 \s-1SSL_METHOD\s0 structure for combined client and server. +.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1CIPHERS\s0" +.IX Subsection "DEALING WITH CIPHERS" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +ciphers defined in \fB\s-1SSL_CIPHER\s0\fR structures. +.Ip "char *\fBSSL_CIPHER_description\fR(\s-1SSL_CIPHER\s0 *cipher, char *buf, int len);" 4 +.IX Item "char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len);" +Write a string to \fIbuf\fR (with a maximum size of \fIlen\fR) containing a human +readable description of \fIcipher\fR. Returns \fIbuf\fR. +.Ip "int \fBSSL_CIPHER_get_bits\fR(\s-1SSL_CIPHER\s0 *cipher, int *alg_bits);" 4 +.IX Item "int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);" +Determine the number of bits in \fIcipher\fR. Because of export crippled ciphers +there are two bits: The bits the algorithm supports in general (stored to +\&\fIalg_bits\fR) and the bits which are actually used (the return value). +.Ip "const char *\fBSSL_CIPHER_get_name\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IX Item "const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);" +Return the internal name of \fIcipher\fR as a string. These are the various +strings defined by the \fISSL2_TXT_xxx\fR, \fISSL3_TXT_xxx\fR and \fITLS1_TXT_xxx\fR +definitions in the header files. +.Ip "char *\fBSSL_CIPHER_get_version\fR(\s-1SSL_CIPHER\s0 *cipher);" 4 +.IX Item "char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);" +Returns a string like "\f(CW\*(C`TLSv1/SSLv3\*(C'\fR\*(L" or \*(R"\f(CW\*(C`SSLv2\*(C'\fR" which indicates the +\&\s-1SSL/TLS\s0 protocol version to which \fIcipher\fR belongs (i.e. where it was defined +in the specification the first time). +.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1PROTOCOL\s0 \s-1CONTEXTS\s0" +.IX Subsection "DEALING WITH PROTOCOL CONTEXTS" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +protocol context defined in the \fB\s-1SSL_CTX\s0\fR structure. +.Ip "int \fBSSL_CTX_add_client_CA\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IX Item "int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);" +.PD 0 +.Ip "long \fBSSL_CTX_add_extra_chain_cert\fR(\s-1SSL_CTX\s0 *ctx, X509 *x509);" 4 +.IX Item "long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);" +.Ip "int \fBSSL_CTX_add_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IX Item "int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);" +.Ip "int \fBSSL_CTX_check_private_key\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_check_private_key(SSL_CTX *ctx);" +.Ip "long \fBSSL_CTX_ctrl\fR(\s-1SSL_CTX\s0 *ctx, int cmd, long larg, char *parg);" 4 +.IX Item "long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);" +.Ip "void \fBSSL_CTX_flush_sessions\fR(\s-1SSL_CTX\s0 *s, long t);" 4 +.IX Item "void SSL_CTX_flush_sessions(SSL_CTX *s, long t);" +.Ip "void \fBSSL_CTX_free\fR(\s-1SSL_CTX\s0 *a);" 4 +.IX Item "void SSL_CTX_free(SSL_CTX *a);" +.Ip "char *\fBSSL_CTX_get_app_data\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "char *SSL_CTX_get_app_data(SSL_CTX *ctx);" +.Ip "X509_STORE *\fBSSL_CTX_get_cert_store\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);" +.Ip "\s-1STACK\s0 *\fBSSL_CTX_get_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "STACK *SSL_CTX_get_client_CA_list(SSL_CTX *ctx);" +.Ip "int (*\fBSSL_CTX_get_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey);" 4 +.IX Item "int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);" +.Ip "char *\fBSSL_CTX_get_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx);" 4 +.IX Item "char *SSL_CTX_get_ex_data(SSL_CTX *s, int idx);" +.Ip "int \fBSSL_CTX_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.Ip "void (*\fBSSL_CTX_get_info_callback\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, int cb, int ret);" 4 +.IX Item "void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);" +.Ip "int \fBSSL_CTX_get_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_get_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_session_cache_mode(SSL_CTX *ctx);" +.Ip "long \fBSSL_CTX_get_timeout\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "long SSL_CTX_get_timeout(SSL_CTX *ctx);" +.Ip "int (*\fBSSL_CTX_get_verify_callback\fR(\s-1SSL_CTX\s0 *ctx))(int ok, X509_STORE_CTX *ctx);" 4 +.IX Item "int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);" +.Ip "int \fBSSL_CTX_get_verify_mode\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_get_verify_mode(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_load_verify_locations\fR(\s-1SSL_CTX\s0 *ctx, char *CAfile, char *CApath);" 4 +.IX Item "int SSL_CTX_load_verify_locations(SSL_CTX *ctx, char *CAfile, char *CApath);" +.Ip "long \fBSSL_CTX_need_tmp_RSA\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "long SSL_CTX_need_tmp_RSA(SSL_CTX *ctx);" +.Ip "\s-1SSL_CTX\s0 *\fBSSL_CTX_new\fR(\s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);" +.Ip "int \fBSSL_CTX_remove_session\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *c);" 4 +.IX Item "int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);" +.Ip "int \fBSSL_CTX_sess_accept\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_accept_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept_good(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_accept_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_cache_full\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_cache_full(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_cb_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_cb_hits(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_connect\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_connect_good\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect_good(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_connect_renegotiate\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_get_cache_size\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);" +.Ip "\s-1SSL_SESSION\s0 *(*\fBSSL_CTX_sess_get_get_cb\fR(\s-1SSL_CTX\s0 *ctx))(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy);" 4 +.IX Item "SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);" +.Ip "int (*\fBSSL_CTX_sess_get_new_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess);" 4 +.IX Item "int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);" +.Ip "void (*\fBSSL_CTX_sess_get_remove_cb\fR(\s-1SSL_CTX\s0 *ctx)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess);" 4 +.IX Item "void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);" +.Ip "int \fBSSL_CTX_sess_hits\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_hits(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_misses\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_misses(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_sess_number\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_number(SSL_CTX *ctx);" +.Ip "void \fBSSL_CTX_sess_set_cache_size\fR(\s-1SSL_CTX\s0 *ctx,t);" 4 +.IX Item "void SSL_CTX_sess_set_cache_size(SSL_CTX *ctx,t);" +.Ip "void \fBSSL_CTX_sess_set_get_cb\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *(*cb)(\s-1SSL\s0 *ssl, unsigned char *data, int len, int *copy));" 4 +.IX Item "void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));" +.Ip "void \fBSSL_CTX_sess_set_new_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *sess));" 4 +.IX Item "void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));" +.Ip "void \fBSSL_CTX_sess_set_remove_cb\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL_CTX\s0 *ctx, \s-1SSL_SESSION\s0 *sess));" 4 +.IX Item "void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));" +.Ip "int \fBSSL_CTX_sess_timeouts\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_sess_timeouts(SSL_CTX *ctx);" +.Ip "\s-1LHASH\s0 *\fBSSL_CTX_sessions\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "LHASH *SSL_CTX_sessions(SSL_CTX *ctx);" +.Ip "void \fBSSL_CTX_set_app_data\fR(\s-1SSL_CTX\s0 *ctx, void *arg);" 4 +.IX Item "void SSL_CTX_set_app_data(SSL_CTX *ctx, void *arg);" +.Ip "void \fBSSL_CTX_set_cert_store\fR(\s-1SSL_CTX\s0 *ctx, X509_STORE *cs);" 4 +.IX Item "void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *cs);" +.Ip "void \fBSSL_CTX_set_cert_verify_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(), char *arg)" 4 +.IX Item "void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(), char *arg)" +.Ip "int \fBSSL_CTX_set_cipher_list\fR(\s-1SSL_CTX\s0 *ctx, char *str);" 4 +.IX Item "int SSL_CTX_set_cipher_list(SSL_CTX *ctx, char *str);" +.Ip "void \fBSSL_CTX_set_client_CA_list\fR(\s-1SSL_CTX\s0 *ctx, \s-1STACK\s0 *list);" 4 +.IX Item "void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);" +.Ip "void \fBSSL_CTX_set_client_cert_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb)(\s-1SSL\s0 *ssl, X509 **x509, \s-1EVP_PKEY\s0 **pkey));" 4 +.IX Item "void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));" +.Ip "void \fBSSL_CTX_set_default_passwd_cb\fR(\s-1SSL_CTX\s0 *ctx, int (*cb);(void))" 4 +.IX Item "void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, int (*cb);(void))" +.Ip "void \fBSSL_CTX_set_default_read_ahead\fR(\s-1SSL_CTX\s0 *ctx, int m);" 4 +.IX Item "void SSL_CTX_set_default_read_ahead(SSL_CTX *ctx, int m);" +.Ip "int \fBSSL_CTX_set_default_verify_paths\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);" +.Ip "int \fBSSL_CTX_set_ex_data\fR(\s-1SSL_CTX\s0 *s, int idx, char *arg);" 4 +.IX Item "int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, char *arg);" +.Ip "void \fBSSL_CTX_set_info_callback\fR(\s-1SSL_CTX\s0 *ctx, void (*cb)(\s-1SSL\s0 *ssl, int cb, int ret));" 4 +.IX Item "void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));" +.Ip "void \fBSSL_CTX_set_options\fR(\s-1SSL_CTX\s0 *ctx, unsigned long op);" 4 +.IX Item "void SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);" +.Ip "void \fBSSL_CTX_set_quiet_shutdown\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IX Item "void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);" +.Ip "void \fBSSL_CTX_set_session_cache_mode\fR(\s-1SSL_CTX\s0 *ctx, int mode);" 4 +.IX Item "void SSL_CTX_set_session_cache_mode(SSL_CTX *ctx, int mode);" +.Ip "int \fBSSL_CTX_set_ssl_version\fR(\s-1SSL_CTX\s0 *ctx, \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *meth);" +.Ip "void \fBSSL_CTX_set_timeout\fR(\s-1SSL_CTX\s0 *ctx, long t);" 4 +.IX Item "void SSL_CTX_set_timeout(SSL_CTX *ctx, long t);" +.Ip "long \fBSSL_CTX_set_tmp_dh\fR(SSL_CTX* ctx, \s-1DH\s0 *dh);" 4 +.IX Item "long SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);" +.Ip "long \fBSSL_CTX_set_tmp_dh_callback\fR(\s-1SSL_CTX\s0 *ctx, \s-1DH\s0 *(*cb)(void));" 4 +.IX Item "long SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*cb)(void));" +.Ip "long \fBSSL_CTX_set_tmp_rsa\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 +.IX Item "long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);" +.Ip "SSL_CTX_set_tmp_rsa_callback" 4 +.IX Item "SSL_CTX_set_tmp_rsa_callback" +.PD +\&\f(CW\*(C`long \f(CBSSL_CTX_set_tmp_rsa_callback\f(CW(SSL_CTX *\f(CBctx\f(CW, RSA *(*\f(CBcb\f(CW)(SSL *\f(CBssl\f(CW, int \f(CBexport\f(CW, int \f(CBkeylength\f(CW));\*(C'\fR +.Sp +Sets the callback which will be called when a temporary private key is +required. The \fB\f(CB\*(C`export\*(C'\fB\fR flag will be set if the reason for needing +a temp key is that an export ciphersuite is in use, in which case, +\&\fB\f(CB\*(C`keylength\*(C'\fB\fR will contain the required keylength in bits. Generate a key of +appropriate size (using ???) and return it. +.Ip "SSL_set_tmp_rsa_callback" 4 +.IX Item "SSL_set_tmp_rsa_callback" +long \fBSSL_set_tmp_rsa_callback\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *(*cb)(\s-1SSL\s0 *ssl, int export, int keylength)); +.Sp +The same as the section on "SSL_CTX_set_tmp_rsa_callback", except it operates on an \s-1SSL\s0 +session instead of a context. +.Ip "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4 +.IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))" +.PD 0 +.Ip "int \fBSSL_CTX_use_PrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1EVP_PKEY\s0 *pkey);" 4 +.IX Item "int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);" +.Ip "int \fBSSL_CTX_use_PrivateKey_ASN1\fR(int type, \s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IX Item "int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, long len);" +.Ip "int \fBSSL_CTX_use_PrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 +.IX Item "int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);" +.Ip "int \fBSSL_CTX_use_RSAPrivateKey\fR(\s-1SSL_CTX\s0 *ctx, \s-1RSA\s0 *rsa);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);" +.Ip "int \fBSSL_CTX_use_RSAPrivateKey_ASN1\fR(\s-1SSL_CTX\s0 *ctx, unsigned char *d, long len);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);" +.Ip "int \fBSSL_CTX_use_RSAPrivateKey_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 +.IX Item "int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);" +.Ip "int \fBSSL_CTX_use_certificate\fR(\s-1SSL_CTX\s0 *ctx, X509 *x);" 4 +.IX Item "int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);" +.Ip "int \fBSSL_CTX_use_certificate_ASN1\fR(\s-1SSL_CTX\s0 *ctx, int len, unsigned char *d);" 4 +.IX Item "int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);" +.Ip "int \fBSSL_CTX_use_certificate_file\fR(\s-1SSL_CTX\s0 *ctx, char *file, int type);" 4 +.IX Item "int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);" +.PD +.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1SESSIONS\s0" +.IX Subsection "DEALING WITH SESSIONS" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +sessions defined in the \fB\s-1SSL_SESSION\s0\fR structures. +.Ip "int \fBSSL_SESSION_cmp\fR(\s-1SSL_SESSION\s0 *a, \s-1SSL_SESSION\s0 *b);" 4 +.IX Item "int SSL_SESSION_cmp(SSL_SESSION *a, SSL_SESSION *b);" +.PD 0 +.Ip "void \fBSSL_SESSION_free\fR(\s-1SSL_SESSION\s0 *ss);" 4 +.IX Item "void SSL_SESSION_free(SSL_SESSION *ss);" +.Ip "char *\fBSSL_SESSION_get_app_data\fR(\s-1SSL_SESSION\s0 *s);" 4 +.IX Item "char *SSL_SESSION_get_app_data(SSL_SESSION *s);" +.Ip "char *\fBSSL_SESSION_get_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx);" 4 +.IX Item "char *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx);" +.Ip "int \fBSSL_SESSION_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.Ip "long \fBSSL_SESSION_get_time\fR(\s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_time(SSL_SESSION *s);" +.Ip "long \fBSSL_SESSION_get_timeout\fR(\s-1SSL_SESSION\s0 *s);" 4 +.IX Item "long SSL_SESSION_get_timeout(SSL_SESSION *s);" +.Ip "unsigned long \fBSSL_SESSION_hash\fR(\s-1SSL_SESSION\s0 *a);" 4 +.IX Item "unsigned long SSL_SESSION_hash(SSL_SESSION *a);" +.Ip "\s-1SSL_SESSION\s0 *\fBSSL_SESSION_new\fR(void);" 4 +.IX Item "SSL_SESSION *SSL_SESSION_new(void);" +.Ip "int \fBSSL_SESSION_print\fR(\s-1BIO\s0 *bp, \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print(BIO *bp, SSL_SESSION *x);" +.Ip "int \fBSSL_SESSION_print_fp\fR(\s-1FILE\s0 *fp, \s-1SSL_SESSION\s0 *x);" 4 +.IX Item "int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x);" +.Ip "void \fBSSL_SESSION_set_app_data\fR(\s-1SSL_SESSION\s0 *s, char *a);" 4 +.IX Item "void SSL_SESSION_set_app_data(SSL_SESSION *s, char *a);" +.Ip "int \fBSSL_SESSION_set_ex_data\fR(\s-1SSL_SESSION\s0 *s, int idx, char *arg);" 4 +.IX Item "int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, char *arg);" +.Ip "long \fBSSL_SESSION_set_time\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IX Item "long SSL_SESSION_set_time(SSL_SESSION *s, long t);" +.Ip "long \fBSSL_SESSION_set_timeout\fR(\s-1SSL_SESSION\s0 *s, long t);" 4 +.IX Item "long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);" +.PD +.Sh "\s-1DEALING\s0 \s-1WITH\s0 \s-1CONNECTIONS\s0" +.IX Subsection "DEALING WITH CONNECTIONS" +Here we document the various \s-1API\s0 functions which deal with the \s-1SSL/TLS\s0 +connection defined in the \fB\s-1SSL\s0\fR structure. +.Ip "int \fBSSL_accept\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_accept(SSL *ssl);" +.PD 0 +.Ip "int \fBSSL_add_dir_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *dir);" 4 +.IX Item "int SSL_add_dir_cert_subjects_to_stack(STACK *stack, const char *dir);" +.Ip "int \fBSSL_add_file_cert_subjects_to_stack\fR(\s-1STACK\s0 *stack, const char *file);" 4 +.IX Item "int SSL_add_file_cert_subjects_to_stack(STACK *stack, const char *file);" +.Ip "int \fBSSL_add_client_CA\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IX Item "int SSL_add_client_CA(SSL *ssl, X509 *x);" +.Ip "char *\fBSSL_alert_desc_string\fR(int value);" 4 +.IX Item "char *SSL_alert_desc_string(int value);" +.Ip "char *\fBSSL_alert_desc_string_long\fR(int value);" 4 +.IX Item "char *SSL_alert_desc_string_long(int value);" +.Ip "char *\fBSSL_alert_type_string\fR(int value);" 4 +.IX Item "char *SSL_alert_type_string(int value);" +.Ip "char *\fBSSL_alert_type_string_long\fR(int value);" 4 +.IX Item "char *SSL_alert_type_string_long(int value);" +.Ip "int \fBSSL_check_private_key\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_check_private_key(SSL *ssl);" +.Ip "void \fBSSL_clear\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_clear(SSL *ssl);" +.Ip "long \fBSSL_clear_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_clear_num_renegotiations(SSL *ssl);" +.Ip "int \fBSSL_connect\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_connect(SSL *ssl);" +.Ip "void \fBSSL_copy_session_id\fR(\s-1SSL\s0 *t, \s-1SSL\s0 *f);" 4 +.IX Item "void SSL_copy_session_id(SSL *t, SSL *f);" +.Ip "long \fBSSL_ctrl\fR(\s-1SSL\s0 *ssl, int cmd, long larg, char *parg);" 4 +.IX Item "long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);" +.Ip "int \fBSSL_do_handshake\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_do_handshake(SSL *ssl);" +.Ip "\s-1SSL\s0 *\fBSSL_dup\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL *SSL_dup(SSL *ssl);" +.Ip "\s-1STACK\s0 *\fBSSL_dup_CA_list\fR(\s-1STACK\s0 *sk);" 4 +.IX Item "STACK *SSL_dup_CA_list(STACK *sk);" +.Ip "void \fBSSL_free\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_free(SSL *ssl);" +.Ip "\s-1SSL_CTX\s0 *\fBSSL_get_SSL_CTX\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);" +.Ip "char *\fBSSL_get_app_data\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_app_data(SSL *ssl);" +.Ip "X509 *\fBSSL_get_certificate\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_certificate(SSL *ssl);" +.Ip "const char *\fBSSL_get_cipher\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "const char *SSL_get_cipher(SSL *ssl);" +.Ip "int \fBSSL_get_cipher_bits\fR(\s-1SSL\s0 *ssl, int *alg_bits);" 4 +.IX Item "int SSL_get_cipher_bits(SSL *ssl, int *alg_bits);" +.Ip "char *\fBSSL_get_cipher_list\fR(\s-1SSL\s0 *ssl, int n);" 4 +.IX Item "char *SSL_get_cipher_list(SSL *ssl, int n);" +.Ip "char *\fBSSL_get_cipher_name\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_name(SSL *ssl);" +.Ip "char *\fBSSL_get_cipher_version\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_cipher_version(SSL *ssl);" +.Ip "\s-1STACK\s0 *\fBSSL_get_ciphers\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_ciphers(SSL *ssl);" +.Ip "\s-1STACK\s0 *\fBSSL_get_client_CA_list\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_client_CA_list(SSL *ssl);" +.Ip "\s-1SSL_CIPHER\s0 *\fBSSL_get_current_cipher\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);" +.Ip "long \fBSSL_get_default_timeout\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_default_timeout(SSL *ssl);" +.Ip "int \fBSSL_get_error\fR(\s-1SSL\s0 *ssl, int i);" 4 +.IX Item "int SSL_get_error(SSL *ssl, int i);" +.Ip "char *\fBSSL_get_ex_data\fR(\s-1SSL\s0 *ssl, int idx);" 4 +.IX Item "char *SSL_get_ex_data(SSL *ssl, int idx);" +.Ip "int \fBSSL_get_ex_data_X509_STORE_CTX_idx\fR(void);" 4 +.IX Item "int SSL_get_ex_data_X509_STORE_CTX_idx(void);" +.Ip "int \fBSSL_get_ex_new_index\fR(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" 4 +.IX Item "int SSL_get_ex_new_index(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))" +.Ip "int \fBSSL_get_fd\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_fd(SSL *ssl);" +.Ip "void (*\fBSSL_get_info_callback\fR(\s-1SSL\s0 *ssl);)(void)" 4 +.IX Item "void (*SSL_get_info_callback(SSL *ssl);)(void)" +.Ip "\s-1STACK\s0 *\fBSSL_get_peer_cert_chain\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "STACK *SSL_get_peer_cert_chain(SSL *ssl);" +.Ip "X509 *\fBSSL_get_peer_certificate\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "X509 *SSL_get_peer_certificate(SSL *ssl);" +.Ip "\s-1EVP_PKEY\s0 *\fBSSL_get_privatekey\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "EVP_PKEY *SSL_get_privatekey(SSL *ssl);" +.Ip "int \fBSSL_get_quiet_shutdown\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_quiet_shutdown(SSL *ssl);" +.Ip "\s-1BIO\s0 *\fBSSL_get_rbio\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_rbio(SSL *ssl);" +.Ip "int \fBSSL_get_read_ahead\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_read_ahead(SSL *ssl);" +.Ip "\s-1SSL_SESSION\s0 *\fBSSL_get_session\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_SESSION *SSL_get_session(SSL *ssl);" +.Ip "char *\fBSSL_get_shared_ciphers\fR(\s-1SSL\s0 *ssl, char *buf, int len);" 4 +.IX Item "char *SSL_get_shared_ciphers(SSL *ssl, char *buf, int len);" +.Ip "int \fBSSL_get_shutdown\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_shutdown(SSL *ssl);" +.Ip "\s-1SSL_METHOD\s0 *\fBSSL_get_ssl_method\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "SSL_METHOD *SSL_get_ssl_method(SSL *ssl);" +.Ip "int \fBSSL_get_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_state(SSL *ssl);" +.Ip "long \fBSSL_get_time\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_time(SSL *ssl);" +.Ip "long \fBSSL_get_timeout\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_timeout(SSL *ssl);" +.Ip "int (*\fBSSL_get_verify_callback\fR(\s-1SSL\s0 *ssl);)(void)" 4 +.IX Item "int (*SSL_get_verify_callback(SSL *ssl);)(void)" +.Ip "int \fBSSL_get_verify_mode\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_get_verify_mode(SSL *ssl);" +.Ip "long \fBSSL_get_verify_result\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_get_verify_result(SSL *ssl);" +.Ip "char *\fBSSL_get_version\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_get_version(SSL *ssl);" +.Ip "\s-1BIO\s0 *\fBSSL_get_wbio\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "BIO *SSL_get_wbio(SSL *ssl);" +.Ip "int \fBSSL_in_accept_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_accept_init(SSL *ssl);" +.Ip "int \fBSSL_in_before\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_before(SSL *ssl);" +.Ip "int \fBSSL_in_connect_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_connect_init(SSL *ssl);" +.Ip "int \fBSSL_in_init\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_in_init(SSL *ssl);" +.Ip "int \fBSSL_is_init_finished\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_is_init_finished(SSL *ssl);" +.Ip "\s-1STACK\s0 *\fBSSL_load_client_CA_file\fR(char *file);" 4 +.IX Item "STACK *SSL_load_client_CA_file(char *file);" +.Ip "void \fBSSL_load_error_strings\fR(void);" 4 +.IX Item "void SSL_load_error_strings(void);" +.Ip "\s-1SSL\s0 *\fBSSL_new\fR(\s-1SSL_CTX\s0 *ctx);" 4 +.IX Item "SSL *SSL_new(SSL_CTX *ctx);" +.Ip "long \fBSSL_num_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_num_renegotiations(SSL *ssl);" +.Ip "int \fBSSL_peek\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IX Item "int SSL_peek(SSL *ssl, void *buf, int num);" +.Ip "int \fBSSL_pending\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_pending(SSL *ssl);" +.Ip "int \fBSSL_read\fR(\s-1SSL\s0 *ssl, void *buf, int num);" 4 +.IX Item "int SSL_read(SSL *ssl, void *buf, int num);" +.Ip "int \fBSSL_renegotiate\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_renegotiate(SSL *ssl);" +.Ip "char *\fBSSL_rstate_string\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_rstate_string(SSL *ssl);" +.Ip "char *\fBSSL_rstate_string_long\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_rstate_string_long(SSL *ssl);" +.Ip "long \fBSSL_session_reused\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_session_reused(SSL *ssl);" +.Ip "void \fBSSL_set_accept_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_set_accept_state(SSL *ssl);" +.Ip "void \fBSSL_set_app_data\fR(\s-1SSL\s0 *ssl, char *arg);" 4 +.IX Item "void SSL_set_app_data(SSL *ssl, char *arg);" +.Ip "void \fBSSL_set_bio\fR(\s-1SSL\s0 *ssl, \s-1BIO\s0 *rbio, \s-1BIO\s0 *wbio);" 4 +.IX Item "void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);" +.Ip "int \fBSSL_set_cipher_list\fR(\s-1SSL\s0 *ssl, char *str);" 4 +.IX Item "int SSL_set_cipher_list(SSL *ssl, char *str);" +.Ip "void \fBSSL_set_client_CA_list\fR(\s-1SSL\s0 *ssl, \s-1STACK\s0 *list);" 4 +.IX Item "void SSL_set_client_CA_list(SSL *ssl, STACK *list);" +.Ip "void \fBSSL_set_connect_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "void SSL_set_connect_state(SSL *ssl);" +.Ip "int \fBSSL_set_ex_data\fR(\s-1SSL\s0 *ssl, int idx, char *arg);" 4 +.IX Item "int SSL_set_ex_data(SSL *ssl, int idx, char *arg);" +.Ip "int \fBSSL_set_fd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_fd(SSL *ssl, int fd);" +.Ip "void \fBSSL_set_info_callback\fR(\s-1SSL\s0 *ssl, void (*cb);(void))" 4 +.IX Item "void SSL_set_info_callback(SSL *ssl, void (*cb);(void))" +.Ip "void \fBSSL_set_options\fR(\s-1SSL\s0 *ssl, unsigned long op);" 4 +.IX Item "void SSL_set_options(SSL *ssl, unsigned long op);" +.Ip "void \fBSSL_set_quiet_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IX Item "void SSL_set_quiet_shutdown(SSL *ssl, int mode);" +.Ip "void \fBSSL_set_read_ahead\fR(\s-1SSL\s0 *ssl, int yes);" 4 +.IX Item "void SSL_set_read_ahead(SSL *ssl, int yes);" +.Ip "int \fBSSL_set_rfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_rfd(SSL *ssl, int fd);" +.Ip "int \fBSSL_set_session\fR(\s-1SSL\s0 *ssl, \s-1SSL_SESSION\s0 *session);" 4 +.IX Item "int SSL_set_session(SSL *ssl, SSL_SESSION *session);" +.Ip "void \fBSSL_set_shutdown\fR(\s-1SSL\s0 *ssl, int mode);" 4 +.IX Item "void SSL_set_shutdown(SSL *ssl, int mode);" +.Ip "int \fBSSL_set_ssl_method\fR(\s-1SSL\s0 *ssl, \s-1SSL_METHOD\s0 *meth);" 4 +.IX Item "int SSL_set_ssl_method(SSL *ssl, SSL_METHOD *meth);" +.Ip "void \fBSSL_set_time\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IX Item "void SSL_set_time(SSL *ssl, long t);" +.Ip "void \fBSSL_set_timeout\fR(\s-1SSL\s0 *ssl, long t);" 4 +.IX Item "void SSL_set_timeout(SSL *ssl, long t);" +.Ip "void \fBSSL_set_verify\fR(\s-1SSL\s0 *ssl, int mode, int (*callback);(void))" 4 +.IX Item "void SSL_set_verify(SSL *ssl, int mode, int (*callback);(void))" +.Ip "void \fBSSL_set_verify_result\fR(\s-1SSL\s0 *ssl, long arg);" 4 +.IX Item "void SSL_set_verify_result(SSL *ssl, long arg);" +.Ip "int \fBSSL_set_wfd\fR(\s-1SSL\s0 *ssl, int fd);" 4 +.IX Item "int SSL_set_wfd(SSL *ssl, int fd);" +.Ip "int \fBSSL_shutdown\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_shutdown(SSL *ssl);" +.Ip "int \fBSSL_state\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_state(SSL *ssl);" +.Ip "char *\fBSSL_state_string\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string(SSL *ssl);" +.Ip "char *\fBSSL_state_string_long\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "char *SSL_state_string_long(SSL *ssl);" +.Ip "long \fBSSL_total_renegotiations\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "long SSL_total_renegotiations(SSL *ssl);" +.Ip "int \fBSSL_use_PrivateKey\fR(\s-1SSL\s0 *ssl, \s-1EVP_PKEY\s0 *pkey);" 4 +.IX Item "int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);" +.Ip "int \fBSSL_use_PrivateKey_ASN1\fR(int type, \s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IX Item "int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len);" +.Ip "int \fBSSL_use_PrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 +.IX Item "int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);" +.Ip "int \fBSSL_use_RSAPrivateKey\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *rsa);" 4 +.IX Item "int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);" +.Ip "int \fBSSL_use_RSAPrivateKey_ASN1\fR(\s-1SSL\s0 *ssl, unsigned char *d, long len);" 4 +.IX Item "int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);" +.Ip "int \fBSSL_use_RSAPrivateKey_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 +.IX Item "int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);" +.Ip "int \fBSSL_use_certificate\fR(\s-1SSL\s0 *ssl, X509 *x);" 4 +.IX Item "int SSL_use_certificate(SSL *ssl, X509 *x);" +.Ip "int \fBSSL_use_certificate_ASN1\fR(\s-1SSL\s0 *ssl, int len, unsigned char *d);" 4 +.IX Item "int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);" +.Ip "int \fBSSL_use_certificate_file\fR(\s-1SSL\s0 *ssl, char *file, int type);" 4 +.IX Item "int SSL_use_certificate_file(SSL *ssl, char *file, int type);" +.Ip "int \fBSSL_version\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_version(SSL *ssl);" +.Ip "int \fBSSL_want\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want(SSL *ssl);" +.Ip "int \fBSSL_want_nothing\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_nothing(SSL *ssl);" +.Ip "int \fBSSL_want_read\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_read(SSL *ssl);" +.Ip "int \fBSSL_want_write\fR(\s-1SSL\s0 *ssl);" 4 +.IX Item "int SSL_want_write(SSL *ssl);" +.Ip "int \fBSSL_want_x509_lookup\fR(s);" 4 +.IX Item "int SSL_want_x509_lookup(s);" +.Ip "int \fBSSL_write\fR(\s-1SSL\s0 *ssl, const void *buf, int num);" 4 +.IX Item "int SSL_write(SSL *ssl, const void *buf, int num);" +.PD +.SH "SEE ALSO" +.IX Header "SEE ALSO" +openssl(1), crypto(3), +SSL_accept(3), SSL_clear(3), +SSL_connect(3), +SSL_CIPHER_get_name(3), +SSL_COMP_add_compression_method(3), +SSL_CTX_add_extra_chain_cert(3), +SSL_CTX_add_session(3), +SSL_CTX_ctrl(3), +SSL_CTX_flush_sessions(3), +SSL_CTX_get_ex_new_index(3), +SSL_CTX_get_verify_mode(3), +SSL_CTX_load_verify_locations(3) +SSL_CTX_new(3), +SSL_CTX_sess_number(3), +SSL_CTX_sess_set_cache_size(3), +SSL_CTX_sess_set_get_cb(3), +SSL_CTX_sessions(3), +SSL_CTX_set_cert_store(3), +SSL_CTX_set_cert_verify_callback(3), +SSL_CTX_set_cipher_list(3), +SSL_CTX_set_client_CA_list(3), +SSL_CTX_set_default_passwd_cb(3), +SSL_CTX_set_info_callback(3), +SSL_CTX_set_mode(3), +SSL_CTX_set_options(3), +SSL_CTX_set_quiet_shutdown(3), +SSL_CTX_set_session_cache_mode(3), +SSL_CTX_set_session_id_context(3), +SSL_CTX_set_ssl_version(3), +SSL_CTX_set_timeout(3), +SSL_CTX_set_tmp_rsa_callback(3), +SSL_CTX_set_tmp_dh_callback(3), +SSL_CTX_set_verify(3), +SSL_CTX_use_certificate(3), +SSL_alert_type_string(3), +SSL_get_SSL_CTX(3), +SSL_get_ciphers(3), +SSL_get_client_CA_list(3), +SSL_get_default_timeout(3), +SSL_get_error(3), +SSL_get_ex_data_X509_STORE_CTX_idx(3), +SSL_get_ex_new_index(3), +SSL_get_fd(3), +SSL_get_peer_cert_chain(3), +SSL_get_rbio(3), +SSL_get_session(3), +SSL_get_verify_result(3), +SSL_get_version(3), +SSL_library_init(3), +SSL_load_client_CA_file(3), +SSL_new(3), +SSL_pending(3), +SSL_read(3), +SSL_rstate_string(3), +SSL_session_reused(3), +SSL_set_bio(3), +SSL_set_connect_state(3), +SSL_set_fd(3), +SSL_set_session(3), +SSL_set_shutdown(3), +SSL_shutdown(3), +SSL_state_string(3), +SSL_want(3), +SSL_write(3), +SSL_SESSION_free(3), +SSL_SESSION_get_ex_new_index(3), +SSL_SESSION_get_time(3), +d2i_SSL_SESSION(3) +.SH "HISTORY" +.IX Header "HISTORY" +The ssl(3) document appeared in OpenSSL 0.9.2 diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3 new file mode 100644 index 0000000..fea2b86 --- /dev/null +++ b/secure/lib/libcrypto/man/threads.3 @@ -0,0 +1,296 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:19:45 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "THREADS 1" +.TH THREADS 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks, +CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback, +CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid, +CRYPTO_destroy_dynlockid, CRYPTO_lock \- OpenSSL thread support +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/crypto.h> +.Ve +.Vb 2 +\& void CRYPTO_set_locking_callback(void (*locking_function)(int mode, +\& int n, const char *file, int line)); +.Ve +.Vb 1 +\& void CRYPTO_set_id_callback(unsigned long (*id_function)(void)); +.Ve +.Vb 1 +\& int CRYPTO_num_locks(void); +.Ve +.Vb 2 +\& /* struct CRYPTO_dynlock_value needs to be defined by the user */ +\& struct CRYPTO_dynlock_value; +.Ve +.Vb 7 +\& void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value * +\& (*dyn_create_function)(char *file, int line)); +\& void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function) +\& (int mode, struct CRYPTO_dynlock_value *l, +\& const char *file, int line)); +\& void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function) +\& (struct CRYPTO_dynlock_value *l, const char *file, int line)); +.Ve +.Vb 1 +\& int CRYPTO_get_new_dynlockid(void); +.Ve +.Vb 1 +\& void CRYPTO_destroy_dynlockid(int i); +.Ve +.Vb 1 +\& void CRYPTO_lock(int mode, int n, const char *file, int line); +.Ve +.Vb 10 +\& #define CRYPTO_w_lock(type) \e +\& CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) +\& #define CRYPTO_w_unlock(type) \e +\& CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) +\& #define CRYPTO_r_lock(type) \e +\& CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__) +\& #define CRYPTO_r_unlock(type) \e +\& CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) +\& #define CRYPTO_add(addr,amount,type) \e +\& CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +OpenSSL can safely be used in multi-threaded applications provided +that at least two callback functions are set. +.PP +locking_function(int mode, int n, const char *file, int line) is +needed to perform locking on shared data structures. +(Note that OpenSSL uses a number of global data structures that +will be implicitly shared whenever multiple threads use OpenSSL.) +Multi-threaded applications will crash at random if it is not set. +.PP +\&\fIlocking_function()\fR must be able to handle up to \fICRYPTO_num_locks()\fR +different mutex locks. It sets the \fBn\fR\-th lock if \fBmode\fR & +\&\fB\s-1CRYPTO_LOCK\s0\fR, and releases it otherwise. +.PP +\&\fBfile\fR and \fBline\fR are the file number of the function setting the +lock. They can be useful for debugging. +.PP +id_function(void) is a function that returns a thread \s-1ID\s0. It is not +needed on Windows nor on platforms where \fIgetpid()\fR returns a different +\&\s-1ID\s0 for each thread (most notably Linux). +.PP +Additionally, OpenSSL supports dynamic locks, and sometimes, some parts +of OpenSSL need it for better performance. To enable this, the following +is required: +.Ip "\(bu Three additional callback function, dyn_create_function, dyn_lock_function and dyn_destroy_function." 4 +.IX Item "Three additional callback function, dyn_create_function, dyn_lock_function and dyn_destroy_function." +.PD 0 +.Ip "\(bu A structure defined with the data that each lock needs to handle." 4 +.IX Item "A structure defined with the data that each lock needs to handle." +.PD +.PP +struct CRYPTO_dynlock_value has to be defined to contain whatever structure +is needed to handle locks. +.PP +dyn_create_function(const char *file, int line) is needed to create a +lock. Multi-threaded applications might crash at random if it is not set. +.PP +dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line) +is needed to perform locking off dynamic lock numbered n. Multi-threaded +applications might crash at random if it is not set. +.PP +dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is +needed to destroy the lock l. Multi-threaded applications might crash at +random if it is not set. +.PP +\&\fICRYPTO_get_new_dynlockid()\fR is used to create locks. It will call +dyn_create_function for the actual creation. +.PP +\&\fICRYPTO_destroy_dynlockid()\fR is used to destroy locks. It will call +dyn_destroy_function for the actual destruction. +.PP +\&\fICRYPTO_lock()\fR is used to lock and unlock the locks. mode is a bitfield +describing what should be done with the lock. n is the number of the +lock as returned from \fICRYPTO_get_new_dynlockid()\fR. mode can be combined +from the following values. These values are pairwise exclusive, with +undefined behaviour if misused (for example, \s-1CRYPTO_READ\s0 and \s-1CRYPTO_WRITE\s0 +should not be used together): +.PP +.Vb 4 +\& CRYPTO_LOCK 0x01 +\& CRYPTO_UNLOCK 0x02 +\& CRYPTO_READ 0x04 +\& CRYPTO_WRITE 0x08 +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +\&\fICRYPTO_num_locks()\fR returns the required number of locks. +.PP +\&\fICRYPTO_get_new_dynlockid()\fR returns the index to the newly created lock. +.PP +The other functions return no values. +.SH "NOTE" +.IX Header "NOTE" +You can find out if OpenSSL was configured with thread support: +.PP +.Vb 7 +\& #define OPENSSL_THREAD_DEFINES +\& #include <openssl/opensslconf.h> +\& #if defined(THREADS) +\& // thread support enabled +\& #else +\& // no thread support +\& #endif +.Ve +Also, dynamic locks are currently not used internally by OpenSSL, but +may do so in the future. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +\&\fBcrypto/threads/mttest.c\fR shows examples of the callback functions on +Solaris, Irix and Win32. +.SH "HISTORY" +.IX Header "HISTORY" +\&\fICRYPTO_set_locking_callback()\fR and \fICRYPTO_set_id_callback()\fR are +available in all versions of SSLeay and OpenSSL. +\&\fICRYPTO_num_locks()\fR was added in OpenSSL 0.9.4. +All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +crypto(3) diff --git a/secure/lib/libcrypto/man/verify.1 b/secure/lib/libcrypto/man/verify.1 new file mode 100644 index 0000000..cc52986 --- /dev/null +++ b/secure/lib/libcrypto/man/verify.1 @@ -0,0 +1,408 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:13 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "VERIFY 1" +.TH VERIFY 1 "perl v5.6.1" "2002-01-27" "User Contributed Perl Documentation" +.UC +.SH "NAME" +verify \- Utility to verify certificates. +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBverify\fR +[\fB\-CApath directory\fR] +[\fB\-CAfile file\fR] +[\fB\-purpose purpose\fR] +[\fB\-untrusted file\fR] +[\fB\-help\fR] +[\fB\-issuer_checks\fR] +[\fB\-verbose\fR] +[\fB-\fR] +[certificates] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBverify\fR command verifies certificate chains. +.SH "COMMAND OPTIONS" +.IX Header "COMMAND OPTIONS" +.Ip "\fB\-CApath directory\fR" 4 +.IX Item "-CApath directory" +A directory of trusted certificates. The certificates should have names +of the form: hash.0 or have symbolic links to them of this +form (\*(L"hash\*(R" is the hashed certificate subject name: see the \fB\-hash\fR option +of the \fBx509\fR utility). Under Unix the \fBc_rehash\fR script will automatically +create symbolic links to a directory of certificates. +.Ip "\fB\-CAfile file\fR" 4 +.IX Item "-CAfile file" +A file of trusted certificates. The file should contain multiple certificates +in \s-1PEM\s0 format concatenated together. +.Ip "\fB\-untrusted file\fR" 4 +.IX Item "-untrusted file" +A file of untrusted certificates. The file should contain multiple certificates +.Ip "\fB\-purpose purpose\fR" 4 +.IX Item "-purpose purpose" +the intended use for the certificate. Without this option no chain verification +will be done. Currently accepted uses are \fBsslclient\fR, \fBsslserver\fR, +\&\fBnssslserver\fR, \fBsmimesign\fR, \fBsmimeencrypt\fR. See the \fB\s-1VERIFY\s0 \s-1OPERATION\s0\fR +section for more information. +.Ip "\fB\-help\fR" 4 +.IX Item "-help" +prints out a usage message. +.Ip "\fB\-verbose\fR" 4 +.IX Item "-verbose" +print extra information about the operations being performed. +.Ip "\fB\-issuer_checks\fR" 4 +.IX Item "-issuer_checks" +print out diagnostics relating to searches for the issuer certificate +of the current certificate. This shows why each candidate issuer +certificate was rejected. However the presence of rejection messages +does not itself imply that anything is wrong: during the normal +verify process several rejections may take place. +.Ip "\fB-\fR" 4 +.IX Item "-" +marks the last option. All arguments following this are assumed to be +certificate files. This is useful if the first certificate filename begins +with a \fB-\fR. +.Ip "\fBcertificates\fR" 4 +.IX Item "certificates" +one or more certificates to verify. If no certificate filenames are included +then an attempt is made to read a certificate from standard input. They should +all be in \s-1PEM\s0 format. +.SH "VERIFY OPERATION" +.IX Header "VERIFY OPERATION" +The \fBverify\fR program uses the same functions as the internal \s-1SSL\s0 and S/MIME +verification, therefore this description applies to these verify operations +too. +.PP +There is one crucial difference between the verify operations performed +by the \fBverify\fR program: wherever possible an attempt is made to continue +after an error whereas normally the verify operation would halt on the +first error. This allows all the problems with a certificate chain to be +determined. +.PP +The verify operation consists of a number of separate steps. +.PP +Firstly a certificate chain is built up starting from the supplied certificate +and ending in the root \s-1CA\s0. It is an error if the whole chain cannot be built +up. The chain is built up by looking up the issuers certificate of the current +certificate. If a certificate is found which is its own issuer it is assumed +to be the root \s-1CA\s0. +.PP +The process of 'looking up the issuers certificate' itself involves a number +of steps. In versions of OpenSSL before 0.9.5a the first certificate whose +subject name matched the issuer of the current certificate was assumed to be +the issuers certificate. In OpenSSL 0.9.6 and later all certificates +whose subject name matches the issuer name of the current certificate are +subject to further tests. The relevant authority key identifier components +of the current certificate (if present) must match the subject key identifier +(if present) and issuer and serial number of the candidate issuer, in addition +the keyUsage extension of the candidate issuer (if present) must permit +certificate signing. +.PP +The lookup first looks in the list of untrusted certificates and if no match +is found the remaining lookups are from the trusted certificates. The root \s-1CA\s0 +is always looked up in the trusted certificate list: if the certificate to +verify is a root certificate then an exact match must be found in the trusted +list. +.PP +The second operation is to check every untrusted certificate's extensions for +consistency with the supplied purpose. If the \fB\-purpose\fR option is not included +then no checks are done. The supplied or \*(L"leaf\*(R" certificate must have extensions +compatible with the supplied purpose and all other certificates must also be valid +\&\s-1CA\s0 certificates. The precise extensions required are described in more detail in +the \fB\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\fR section of the \fBx509\fR utility. +.PP +The third operation is to check the trust settings on the root \s-1CA\s0. The root +\&\s-1CA\s0 should be trusted for the supplied purpose. For compatibility with previous +versions of SSLeay and OpenSSL a certificate with no trust settings is considered +to be valid for all purposes. +.PP +The final operation is to check the validity of the certificate chain. The validity +period is checked against the current system time and the notBefore and notAfter +dates in the certificate. The certificate signatures are also checked at this +point. +.PP +If all operations complete successfully then certificate is considered valid. If +any operation fails then the certificate is not valid. +.SH "DIAGNOSTICS" +.IX Header "DIAGNOSTICS" +When a verify operation fails the output messages can be somewhat cryptic. The +general form of the error message is: +.PP +.Vb 2 +\& server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) +\& error 24 at 1 depth lookup:invalid CA certificate +.Ve +The first line contains the name of the certificate being verified followed by +the subject name of the certificate. The second line contains the error number +and the depth. The depth is number of the certificate being verified when a +problem was detected starting with zero for the certificate being verified itself +then 1 for the \s-1CA\s0 that signed the certificate and so on. Finally a text version +of the error number is presented. +.PP +An exhaustive list of the error codes and messages is shown below, this also +includes the name of the error code as defined in the header file x509_vfy.h +Some of the error codes are defined but never returned: these are described +as \*(L"unused\*(R". +.Ip "\fB0 X509_V_OK: ok\fR" 4 +.IX Item "0 X509_V_OK: ok" +the operation was successful. +.Ip "\fB2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate\fR" 4 +.IX Item "2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate" +the issuer certificate could not be found: this occurs if the issuer certificate +of an untrusted certificate cannot be found. +.Ip "\fB3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate \s-1CRL\s0\fR" 4 +.IX Item "3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL" +the \s-1CRL\s0 of a certificate could not be found. Unused. +.Ip "\fB4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature\fR" 4 +.IX Item "4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature" +the certificate signature could not be decrypted. This means that the actual signature value +could not be determined rather than it not matching the expected value, this is only +meaningful for \s-1RSA\s0 keys. +.Ip "\fB5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt \s-1CRL\s0's signature\fR" 4 +.IX Item "5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature" +the \s-1CRL\s0 signature could not be decrypted: this means that the actual signature value +could not be determined rather than it not matching the expected value. Unused. +.Ip "\fB6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key\fR" 4 +.IX Item "6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key" +the public key in the certificate SubjectPublicKeyInfo could not be read. +.Ip "\fB7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure\fR" 4 +.IX Item "7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure" +the signature of the certificate is invalid. +.Ip "\fB8 X509_V_ERR_CRL_SIGNATURE_FAILURE: \s-1CRL\s0 signature failure\fR" 4 +.IX Item "8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure" +the signature of the certificate is invalid. Unused. +.Ip "\fB9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid\fR" 4 +.IX Item "9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid" +the certificate is not yet valid: the notBefore date is after the current time. +.Ip "\fB10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired\fR" 4 +.IX Item "10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired" +the certificate has expired: that is the notAfter date is before the current time. +.Ip "\fB11 X509_V_ERR_CRL_NOT_YET_VALID: \s-1CRL\s0 is not yet valid\fR" 4 +.IX Item "11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid" +the \s-1CRL\s0 is not yet valid. Unused. +.Ip "\fB12 X509_V_ERR_CRL_HAS_EXPIRED: \s-1CRL\s0 has expired\fR" 4 +.IX Item "12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired" +the \s-1CRL\s0 has expired. Unused. +.Ip "\fB13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field\fR" 4 +.IX Item "13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field" +the certificate notBefore field contains an invalid time. +.Ip "\fB14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field\fR" 4 +.IX Item "14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field" +the certificate notAfter field contains an invalid time. +.Ip "\fB15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in \s-1CRL\s0's lastUpdate field\fR" 4 +.IX Item "15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field" +the \s-1CRL\s0 lastUpdate field contains an invalid time. Unused. +.Ip "\fB16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in \s-1CRL\s0's nextUpdate field\fR" 4 +.IX Item "16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field" +the \s-1CRL\s0 nextUpdate field contains an invalid time. Unused. +.Ip "\fB17 X509_V_ERR_OUT_OF_MEM: out of memory\fR" 4 +.IX Item "17 X509_V_ERR_OUT_OF_MEM: out of memory" +an error occurred trying to allocate memory. This should never happen. +.Ip "\fB18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate\fR" 4 +.IX Item "18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate" +the passed certificate is self signed and the same certificate cannot be found in the list of +trusted certificates. +.Ip "\fB19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain\fR" 4 +.IX Item "19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain" +the certificate chain could be built up using the untrusted certificates but the root could not +be found locally. +.Ip "\fB20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate\fR" 4 +.IX Item "20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate" +the issuer certificate of a locally looked up certificate could not be found. This normally means +the list of trusted certificates is not complete. +.Ip "\fB21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate\fR" 4 +.IX Item "21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate" +no signatures could be verified because the chain contains only one certificate and it is not +self signed. +.Ip "\fB22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long\fR" 4 +.IX Item "22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long" +the certificate chain length is greater than the supplied maximum depth. Unused. +.Ip "\fB23 X509_V_ERR_CERT_REVOKED: certificate revoked\fR" 4 +.IX Item "23 X509_V_ERR_CERT_REVOKED: certificate revoked" +the certificate has been revoked. Unused. +.Ip "\fB24 X509_V_ERR_INVALID_CA: invalid \s-1CA\s0 certificate\fR" 4 +.IX Item "24 X509_V_ERR_INVALID_CA: invalid CA certificate" +a \s-1CA\s0 certificate is invalid. Either it is not a \s-1CA\s0 or its extensions are not consistent +with the supplied purpose. +.Ip "\fB25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded\fR" 4 +.IX Item "25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded" +the basicConstraints pathlength parameter has been exceeded. +.Ip "\fB26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose\fR" 4 +.IX Item "26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose" +the supplied certificate cannot be used for the specified purpose. +.Ip "\fB27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted\fR" 4 +.IX Item "27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted" +the root \s-1CA\s0 is not marked as trusted for the specified purpose. +.Ip "\fB28 X509_V_ERR_CERT_REJECTED: certificate rejected\fR" 4 +.IX Item "28 X509_V_ERR_CERT_REJECTED: certificate rejected" +the root \s-1CA\s0 is marked to reject the specified purpose. +.Ip "\fB29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch\fR" 4 +.IX Item "29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch" +the current candidate issuer certificate was rejected because its subject name +did not match the issuer name of the current certificate. Only displayed when +the \fB\-issuer_checks\fR option is set. +.Ip "\fB30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch\fR" 4 +.IX Item "30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch" +the current candidate issuer certificate was rejected because its subject key +identifier was present and did not match the authority key identifier current +certificate. Only displayed when the \fB\-issuer_checks\fR option is set. +.Ip "\fB31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch\fR" 4 +.IX Item "31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch" +the current candidate issuer certificate was rejected because its issuer name +and serial number was present and did not match the authority key identifier +of the current certificate. Only displayed when the \fB\-issuer_checks\fR option is set. +.Ip "\fB32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing\fR" 4 +.IX Item "32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing" +the current candidate issuer certificate was rejected because its keyUsage extension +does not permit certificate signing. +.Ip "\fB50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure\fR" 4 +.IX Item "50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure" +an application specific error. Unused. +.SH "BUGS" +.IX Header "BUGS" +Although the issuer checks are a considerably improvement over the old technique they still +suffer from limitations in the underlying X509_LOOKUP \s-1API\s0. One consequence of this is that +trusted certificates with matching subject name must either appear in a file (as specified by the +\&\fB\-CAfile\fR option) or a directory (as specified by \fB\-CApath\fR. If they occur in both then only +the certificates in the file will be recognised. +.PP +Previous versions of OpenSSL assume certificates with matching subject name are identical and +mishandled them. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +x509(1) diff --git a/secure/lib/libcrypto/man/version.1 b/secure/lib/libcrypto/man/version.1 new file mode 100644 index 0000000..286c89d --- /dev/null +++ b/secure/lib/libcrypto/man/version.1 @@ -0,0 +1,180 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:16 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "VERSION 1" +.TH VERSION 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +version \- print OpenSSL version information +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl version\fR +[\fB\-a\fR] +[\fB\-v\fR] +[\fB\-b\fR] +[\fB\-o\fR] +[\fB\-f\fR] +[\fB\-p\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +This command is used to print out version information about OpenSSL. +.SH "OPTIONS" +.IX Header "OPTIONS" +.Ip "\fB\-a\fR" 4 +.IX Item "-a" +all information, this is the same as setting all the other flags. +.Ip "\fB\-v\fR" 4 +.IX Item "-v" +the current OpenSSL version. +.Ip "\fB\-b\fR" 4 +.IX Item "-b" +the date the current version of OpenSSL was built. +.Ip "\fB\-o\fR" 4 +.IX Item "-o" +option information: various options set when the library was built. +.Ip "\fB\-c\fR" 4 +.IX Item "-c" +compilation flags. +.Ip "\fB\-p\fR" 4 +.IX Item "-p" +platform setting. +.SH "NOTES" +.IX Header "NOTES" +The output of \fBopenssl version \-a\fR would typically be used when sending +in a bug report. diff --git a/secure/lib/libcrypto/man/x509.1 b/secure/lib/libcrypto/man/x509.1 new file mode 100644 index 0000000..8e576bc --- /dev/null +++ b/secure/lib/libcrypto/man/x509.1 @@ -0,0 +1,748 @@ +.\" Automatically generated by Pod::Man version 1.15 +.\" Thu May 9 13:15:18 2002 +.\" +.\" Standard preamble: +.\" ====================================================================== +.de Sh \" Subsection heading +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R + +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. | will give a +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used +.\" to do unbreakable dashes and therefore won't be available. \*(C` and +.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.tr \(*W-|\(bv\*(Tr +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" If the F register is turned on, we'll generate index entries on stderr +.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and +.\" index entries marked with X<> in POD. Of course, you'll have to process +.\" the output yourself in some meaningful fashion. +.if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.\" +.\" For nroff, turn off justification. Always turn off hyphenation; it +.\" makes way too many mistakes in technical documents. +.hy 0 +.if n .na +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +.bd B 3 +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ====================================================================== +.\" +.IX Title "X509 1" +.TH X509 1 "perl v5.6.1" "2000-11-13" "User Contributed Perl Documentation" +.UC +.SH "NAME" +x509 \- Certificate display and signing utility +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBopenssl\fR \fBx509\fR +[\fB\-inform DER|PEM|NET\fR] +[\fB\-outform DER|PEM|NET\fR] +[\fB\-keyform DER|PEM\fR] +[\fB\-CAform DER|PEM\fR] +[\fB\-CAkeyform DER|PEM\fR] +[\fB\-in filename\fR] +[\fB\-out filename\fR] +[\fB\-serial\fR] +[\fB\-hash\fR] +[\fB\-subject\fR] +[\fB\-issuer\fR] +[\fB\-nameopt option\fR] +[\fB\-email\fR] +[\fB\-startdate\fR] +[\fB\-enddate\fR] +[\fB\-purpose\fR] +[\fB\-dates\fR] +[\fB\-modulus\fR] +[\fB\-fingerprint\fR] +[\fB\-alias\fR] +[\fB\-noout\fR] +[\fB\-trustout\fR] +[\fB\-clrtrust\fR] +[\fB\-clrreject\fR] +[\fB\-addtrust arg\fR] +[\fB\-addreject arg\fR] +[\fB\-setalias arg\fR] +[\fB\-days arg\fR] +[\fB\-signkey filename\fR] +[\fB\-x509toreq\fR] +[\fB\-req\fR] +[\fB\-CA filename\fR] +[\fB\-CAkey filename\fR] +[\fB\-CAcreateserial\fR] +[\fB\-CAserial filename\fR] +[\fB\-text\fR] +[\fB\-C\fR] +[\fB\-md2|\-md5|\-sha1|\-mdc2\fR] +[\fB\-clrext\fR] +[\fB\-extfile filename\fR] +[\fB\-extensions section\fR] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +The \fBx509\fR command is a multi purpose certificate utility. It can be +used to display certificate information, convert certificates to +various forms, sign certificate requests like a \*(L"mini \s-1CA\s0\*(R" or edit +certificate trust settings. +.PP +Since there are a large number of options they will split up into +various sections. +.SH "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS" +.IX Header "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS" +.Ip "\fB\-inform DER|PEM|NET\fR" 4 +.IX Item "-inform DER|PEM|NET" +This specifies the input format normally the command will expect an X509 +certificate but this can change if other options such as \fB\-req\fR are +present. The \s-1DER\s0 format is the \s-1DER\s0 encoding of the certificate and \s-1PEM\s0 +is the base64 encoding of the \s-1DER\s0 encoding with header and footer lines +added. The \s-1NET\s0 option is an obscure Netscape server format that is now +obsolete. +.Ip "\fB\-outform DER|PEM|NET\fR" 4 +.IX Item "-outform DER|PEM|NET" +This specifies the output format, the options have the same meaning as the +\&\fB\-inform\fR option. +.Ip "\fB\-in filename\fR" 4 +.IX Item "-in filename" +This specifies the input filename to read a certificate from or standard input +if this option is not specified. +.Ip "\fB\-out filename\fR" 4 +.IX Item "-out filename" +This specifies the output filename to write to or standard output by +default. +.Ip "\fB\-md2|\-md5|\-sha1|\-mdc2\fR" 4 +.IX Item "-md2|-md5|-sha1|-mdc2" +the digest to use. This affects any signing or display option that uses a message +digest, such as the \fB\-fingerprint\fR, \fB\-signkey\fR and \fB\-CA\fR options. If not +specified then \s-1MD5\s0 is used. If the key being used to sign with is a \s-1DSA\s0 key then +this option has no effect: \s-1SHA1\s0 is always used with \s-1DSA\s0 keys. +.SH "DISPLAY OPTIONS" +.IX Header "DISPLAY OPTIONS" +Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options +but are described in the \fB\s-1TRUST\s0 \s-1OPTIONS\s0\fR section. +.Ip "\fB\-text\fR" 4 +.IX Item "-text" +prints out the certificate in text form. Full details are output including the +public key, signature algorithms, issuer and subject names, serial number +any extensions present and any trust settings. +.Ip "\fB\-noout\fR" 4 +.IX Item "-noout" +this option prevents output of the encoded version of the request. +.Ip "\fB\-modulus\fR" 4 +.IX Item "-modulus" +this option prints out the value of the modulus of the public key +contained in the certificate. +.Ip "\fB\-serial\fR" 4 +.IX Item "-serial" +outputs the certificate serial number. +.Ip "\fB\-hash\fR" 4 +.IX Item "-hash" +outputs the \*(L"hash\*(R" of the certificate subject name. This is used in OpenSSL to +form an index to allow certificates in a directory to be looked up by subject +name. +.Ip "\fB\-subject\fR" 4 +.IX Item "-subject" +outputs the subject name. +.Ip "\fB\-issuer\fR" 4 +.IX Item "-issuer" +outputs the issuer name. +.Ip "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +option which determine how the subject or issuer names are displayed. This +option may be used more than once to set multiple options. See the \fB\s-1NAME\s0 +\&\s-1OPTIONS\s0\fR section for more information. +.Ip "\fB\-email\fR" 4 +.IX Item "-email" +outputs the email address(es) if any. +.Ip "\fB\-startdate\fR" 4 +.IX Item "-startdate" +prints out the start date of the certificate, that is the notBefore date. +.Ip "\fB\-enddate\fR" 4 +.IX Item "-enddate" +prints out the expiry date of the certificate, that is the notAfter date. +.Ip "\fB\-dates\fR" 4 +.IX Item "-dates" +prints out the start and expiry dates of a certificate. +.Ip "\fB\-fingerprint\fR" 4 +.IX Item "-fingerprint" +prints out the digest of the \s-1DER\s0 encoded version of the whole certificate. +.Ip "\fB\-C\fR" 4 +.IX Item "-C" +this outputs the certificate in the form of a C source file. +.SH "TRUST SETTINGS" +.IX Header "TRUST SETTINGS" +Please note these options are currently experimental and may well change. +.PP +A \fBtrusted certificate\fR is an ordinary certificate which has several +additional pieces of information attached to it such as the permitted +and prohibited uses of the certificate and an \*(L"alias\*(R". +.PP +Normally when a certificate is being verified at least one certificate +must be \*(L"trusted\*(R". By default a trusted certificate must be stored +locally and must be a root \s-1CA:\s0 any certificate chain ending in this \s-1CA\s0 +is then usable for any purpose. +.PP +Trust settings currently are only used with a root \s-1CA\s0. They allow a finer +control over the purposes the root \s-1CA\s0 can be used for. For example a \s-1CA\s0 +may be trusted for \s-1SSL\s0 client but not \s-1SSL\s0 server use. +.PP +See the description of the \fBverify\fR utility for more information on the +meaning of trust settings. +.PP +Future versions of OpenSSL will recognize trust settings on any +certificate: not just root CAs. +.Ip "\fB\-trustout\fR" 4 +.IX Item "-trustout" +this causes \fBx509\fR to output a \fBtrusted\fR certificate. An ordinary +or trusted certificate can be input but by default an ordinary +certificate is output and any trust settings are discarded. With the +\&\fB\-trustout\fR option a trusted certificate is output. A trusted +certificate is automatically output if any trust settings are modified. +.Ip "\fB\-setalias arg\fR" 4 +.IX Item "-setalias arg" +sets the alias of the certificate. This will allow the certificate +to be referred to using a nickname for example \*(L"Steve's Certificate\*(R". +.Ip "\fB\-alias\fR" 4 +.IX Item "-alias" +outputs the certificate alias, if any. +.Ip "\fB\-clrtrust\fR" 4 +.IX Item "-clrtrust" +clears all the permitted or trusted uses of the certificate. +.Ip "\fB\-clrreject\fR" 4 +.IX Item "-clrreject" +clears all the prohibited or rejected uses of the certificate. +.Ip "\fB\-addtrust arg\fR" 4 +.IX Item "-addtrust arg" +adds a trusted certificate use. Any object name can be used here +but currently only \fBclientAuth\fR (\s-1SSL\s0 client use), \fBserverAuth\fR +(\s-1SSL\s0 server use) and \fBemailProtection\fR (S/MIME email) are used. +Other OpenSSL applications may define additional uses. +.Ip "\fB\-addreject arg\fR" 4 +.IX Item "-addreject arg" +adds a prohibited use. It accepts the same values as the \fB\-addtrust\fR +option. +.Ip "\fB\-purpose\fR" 4 +.IX Item "-purpose" +this option performs tests on the certificate extensions and outputs +the results. For a more complete description see the \fB\s-1CERTIFICATE\s0 +\&\s-1EXTENSIONS\s0\fR section. +.SH "SIGNING OPTIONS" +.IX Header "SIGNING OPTIONS" +The \fBx509\fR utility can be used to sign certificates and requests: it +can thus behave like a \*(L"mini \s-1CA\s0\*(R". +.Ip "\fB\-signkey filename\fR" 4 +.IX Item "-signkey filename" +this option causes the input file to be self signed using the supplied +private key. +.Sp +If the input file is a certificate it sets the issuer name to the +subject name (i.e. makes it self signed) changes the public key to the +supplied value and changes the start and end dates. The start date is +set to the current time and the end date is set to a value determined +by the \fB\-days\fR option. Any certificate extensions are retained unless +the \fB\-clrext\fR option is supplied. +.Sp +If the input is a certificate request then a self signed certificate +is created using the supplied private key using the subject name in +the request. +.Ip "\fB\-clrext\fR" 4 +.IX Item "-clrext" +delete any extensions from a certificate. This option is used when a +certificate is being created from another certificate (for example with +the \fB\-signkey\fR or the \fB\-CA\fR options). Normally all extensions are +retained. +.Ip "\fB\-keyform PEM|DER\fR" 4 +.IX Item "-keyform PEM|DER" +specifies the format (\s-1DER\s0 or \s-1PEM\s0) of the private key file used in the +\&\fB\-signkey\fR option. +.Ip "\fB\-days arg\fR" 4 +.IX Item "-days arg" +specifies the number of days to make a certificate valid for. The default +is 30 days. +.Ip "\fB\-x509toreq\fR" 4 +.IX Item "-x509toreq" +converts a certificate into a certificate request. The \fB\-signkey\fR option +is used to pass the required private key. +.Ip "\fB\-req\fR" 4 +.IX Item "-req" +by default a certificate is expected on input. With this option a +certificate request is expected instead. +.Ip "\fB\-CA filename\fR" 4 +.IX Item "-CA filename" +specifies the \s-1CA\s0 certificate to be used for signing. When this option is +present \fBx509\fR behaves like a \*(L"mini \s-1CA\s0\*(R". The input file is signed by this +\&\s-1CA\s0 using this option: that is its issuer name is set to the subject name +of the \s-1CA\s0 and it is digitally signed using the CAs private key. +.Sp +This option is normally combined with the \fB\-req\fR option. Without the +\&\fB\-req\fR option the input is a certificate which must be self signed. +.Ip "\fB\-CAkey filename\fR" 4 +.IX Item "-CAkey filename" +sets the \s-1CA\s0 private key to sign a certificate with. If this option is +not specified then it is assumed that the \s-1CA\s0 private key is present in +the \s-1CA\s0 certificate file. +.Ip "\fB\-CAserial filename\fR" 4 +.IX Item "-CAserial filename" +sets the \s-1CA\s0 serial number file to use. +.Sp +When the \fB\-CA\fR option is used to sign a certificate it uses a serial +number specified in a file. This file consist of one line containing +an even number of hex digits with the serial number to use. After each +use the serial number is incremented and written out to the file again. +.Sp +The default filename consists of the \s-1CA\s0 certificate file base name with +\&\*(L".srl\*(R" appended. For example if the \s-1CA\s0 certificate file is called +\&\*(L"mycacert.pem\*(R" it expects to find a serial number file called \*(L"mycacert.srl\*(R". +.Ip "\fB\-CAcreateserial filename\fR" 4 +.IX Item "-CAcreateserial filename" +with this option the \s-1CA\s0 serial number file is created if it does not exist: +it will contain the serial number \*(L"02\*(R" and the certificate being signed will +have the 1 as its serial number. Normally if the \fB\-CA\fR option is specified +and the serial number file does not exist it is an error. +.Ip "\fB\-extfile filename\fR" 4 +.IX Item "-extfile filename" +file containing certificate extensions to use. If not specified then +no extensions are added to the certificate. +.Ip "\fB\-extensions section\fR" 4 +.IX Item "-extensions section" +the section to add certificate extensions from. If this option is not +specified then the extensions should either be contained in the unnamed +(default) section or the default section should contain a variable called +\&\*(L"extensions\*(R" which contains the section to use. +.SH "NAME OPTIONS" +.IX Header "NAME OPTIONS" +The \fBnameopt\fR command line switch determines how the subject and issuer +names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R" +format is used which is compatible with previous versions of OpenSSL. +Each option is described in detail below, all options can be preceded by +a \fB-\fR to turn the option off. Only the first four will normally be used. +.Ip "\fBcompat\fR" 4 +.IX Item "compat" +use the old format. This is equivalent to specifying no name options at all. +.Ip "\fB\s-1RFC2253\s0\fR" 4 +.IX Item "RFC2253" +displays names compatible with \s-1RFC2253\s0 equivalent to \fBesc_2253\fR, \fBesc_ctrl\fR, +\&\fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR, \fBdump_unknown\fR, \fBdump_der\fR, +\&\fBsep_comma_plus\fR, \fBdn_rev\fR and \fBsname\fR. +.Ip "\fBoneline\fR" 4 +.IX Item "oneline" +a oneline format which is more readable than \s-1RFC2253\s0. It is equivalent to +specifying the \fBesc_2253\fR, \fBesc_ctrl\fR, \fBesc_msb\fR, \fButf8\fR, \fBdump_nostr\fR, +\&\fBdump_der\fR, \fBuse_quote\fR, \fBsep_comma_plus_spc\fR, \fBspc_eq\fR and \fBsname\fR +options. +.Ip "\fBmultiline\fR" 4 +.IX Item "multiline" +a multiline format. It is equivalent \fBesc_ctrl\fR, \fBesc_msb\fR, \fBsep_multiline\fR, +\&\fBspc_eq\fR and \fBlname\fR. +.Ip "\fBesc_2253\fR" 4 +.IX Item "esc_2253" +escape the \*(L"special\*(R" characters required by \s-1RFC2253\s0 in a field That is +\&\fB,+"<>;\fR. Additionally \fB#\fR is escaped at the beginnging of a string +and a space character at the beginning or end of a string. +.Ip "\fBesc_ctrl\fR" 4 +.IX Item "esc_ctrl" +escape control characters. That is those with \s-1ASCII\s0 values less than +0x20 (space) and the delete (0x7f) character. They are escaped using the +\&\s-1RFC2253\s0 \eXX notation (where \s-1XX\s0 are two hex digits representing the +character value). +.Ip "\fBesc_msb\fR" 4 +.IX Item "esc_msb" +escape characters with the \s-1MSB\s0 set, that is with \s-1ASCII\s0 values larger than +127. +.Ip "\fBuse_quote\fR" 4 +.IX Item "use_quote" +escapes some characters by surrounding the whole string with \fB"\fR characters, +without the option all escaping is done with the \fB\e\fR character. +.Ip "\fButf8\fR" 4 +.IX Item "utf8" +convert all strings to \s-1UTF8\s0 format first. This is required by \s-1RFC2253\s0. If +you are lucky enough to have a \s-1UTF8\s0 compatible terminal then the use +of this option (and \fBnot\fR setting \fBesc_msb\fR) may result in the correct +display of multibyte (international) characters. Is this option is not +present then multibyte characters larger than 0xff will be represented +using the format \eUXXXX for 16 bits and \eWXXXXXXXX for 32 bits. +Also if this option is off any UTF8Strings will be converted to their +character form first. +.Ip "\fBno_type\fR" 4 +.IX Item "no_type" +this option does not attempt to interpret multibyte characters in any +way. That is their content octets are merely dumped as though one octet +represents each character. This is useful for diagnostic purposes but +will result in rather odd looking output. +.Ip "\fBshow_type\fR" 4 +.IX Item "show_type" +show the type of the \s-1ASN1\s0 character string. The type precedes the +field contents. For example \*(L"\s-1BMPSTRING:\s0 Hello World\*(R". +.Ip "\fBdump_der\fR" 4 +.IX Item "dump_der" +when this option is set any fields that need to be hexdumped will +be dumped using the \s-1DER\s0 encoding of the field. Otherwise just the +content octets will be displayed. Both options use the \s-1RFC2253\s0 +\&\fB#XXXX...\fR format. +.Ip "\fBdump_nostr\fR" 4 +.IX Item "dump_nostr" +dump non character string types (for example \s-1OCTET\s0 \s-1STRING\s0) if this +option is not set then non character string types will be displayed +as though each content octet repesents a single character. +.Ip "\fBdump_all\fR" 4 +.IX Item "dump_all" +dump all fields. This option when used with \fBdump_der\fR allows the +\&\s-1DER\s0 encoding of the structure to be unambiguously determined. +.Ip "\fBdump_unknown\fR" 4 +.IX Item "dump_unknown" +dump any field whose \s-1OID\s0 is not recognised by OpenSSL. +.Ip "\fBsep_comma_plus\fR, \fBsep_comma_plus_space\fR, \fBsep_semi_plus_space\fR, \fBsep_multiline\fR" 4 +.IX Item "sep_comma_plus, sep_comma_plus_space, sep_semi_plus_space, sep_multiline" +these options determine the field separators. The first character is +between RDNs and the second between multiple AVAs (multiple AVAs are +very rare and their use is discouraged). The options ending in +\&\*(L"space\*(R" additionally place a space after the separator to make it +more readable. The \fBsep_multiline\fR uses a linefeed character for +the \s-1RDN\s0 separator and a spaced \fB+\fR for the \s-1AVA\s0 separator. It also +indents the fields by four characters. +.Ip "\fBdn_rev\fR" 4 +.IX Item "dn_rev" +reverse the fields of the \s-1DN\s0. This is required by \s-1RFC2253\s0. As a side +effect this also reverses the order of multiple AVAs but this is +permissible. +.Ip "\fBnofname\fR, \fBsname\fR, \fBlname\fR, \fBoid\fR" 4 +.IX Item "nofname, sname, lname, oid" +these options alter how the field name is displayed. \fBnofname\fR does +not display the field at all. \fBsname\fR uses the \*(L"short name\*(R" form +(\s-1CN\s0 for commonName for example). \fBlname\fR uses the long form. +\&\fBoid\fR represents the \s-1OID\s0 in numerical form and is useful for +diagnostic purpose. +.Ip "\fBspc_eq\fR" 4 +.IX Item "spc_eq" +places spaces round the \fB=\fR character which follows the field +name. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Note: in these examples the '\e' means the example should be all on one +line. +.PP +Display the contents of a certificate: +.PP +.Vb 1 +\& openssl x509 -in cert.pem -noout -text +.Ve +Display the certificate serial number: +.PP +.Vb 1 +\& openssl x509 -in cert.pem -noout -serial +.Ve +Display the certificate subject name: +.PP +.Vb 1 +\& openssl x509 -in cert.pem -noout -subject +.Ve +Display the certificate subject name in \s-1RFC2253\s0 form: +.PP +.Vb 1 +\& openssl x509 -in cert.pem -noout -subject -nameopt RFC2253 +.Ve +Display the certificate subject name in oneline form on a terminal +supporting \s-1UTF8:\s0 +.PP +.Vb 1 +\& openssl x509 -in cert.pem -noout -subject -nameopt oneline -nameopt -escmsb +.Ve +Display the certificate \s-1MD5\s0 fingerprint: +.PP +.Vb 1 +\& openssl x509 -in cert.pem -noout -fingerprint +.Ve +Display the certificate \s-1SHA1\s0 fingerprint: +.PP +.Vb 1 +\& openssl x509 -sha1 -in cert.pem -noout -fingerprint +.Ve +Convert a certificate from \s-1PEM\s0 to \s-1DER\s0 format: +.PP +.Vb 1 +\& openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER +.Ve +Convert a certificate to a certificate request: +.PP +.Vb 1 +\& openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem +.Ve +Convert a certificate request into a self signed certificate using +extensions for a \s-1CA:\s0 +.PP +.Vb 2 +\& openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \e +\& -signkey key.pem -out cacert.pem +.Ve +Sign a certificate request using the \s-1CA\s0 certificate above and add user +certificate extensions: +.PP +.Vb 2 +\& openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \e +\& -CA cacert.pem -CAkey key.pem -CAcreateserial +.Ve +Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to +\&\*(L"Steve's Class 1 \s-1CA\s0\*(R" +.PP +.Vb 2 +\& openssl x509 -in cert.pem -addtrust sslclient \e +\& -alias "Steve's Class 1 CA" -out trust.pem +.Ve +.SH "NOTES" +.IX Header "NOTES" +The \s-1PEM\s0 format uses the header and footer lines: +.PP +.Vb 2 +\& -----BEGIN CERTIFICATE---- +\& -----END CERTIFICATE---- +.Ve +it will also handle files containing: +.PP +.Vb 2 +\& -----BEGIN X509 CERTIFICATE---- +\& -----END X509 CERTIFICATE---- +.Ve +Trusted certificates have the lines +.PP +.Vb 2 +\& -----BEGIN TRUSTED CERTIFICATE---- +\& -----END TRUSTED CERTIFICATE---- +.Ve +The conversion to \s-1UTF8\s0 format used with the name options assumes that +T61Strings use the \s-1ISO8859\-1\s0 character set. This is wrong but Netscape +and \s-1MSIE\s0 do this as do many certificates. So although this is incorrect +it is more likely to display the majority of certificates correctly. +.PP +The \fB\-fingerprint\fR option takes the digest of the \s-1DER\s0 encoded certificate. +This is commonly called a \*(L"fingerprint\*(R". Because of the nature of message +digests the fingerprint of a certificate is unique to that certificate and +two certificates with the same fingerprint can be considered to be the same. +.PP +The Netscape fingerprint uses \s-1MD5\s0 whereas \s-1MSIE\s0 uses \s-1SHA1\s0. +.PP +The \fB\-email\fR option searches the subject name and the subject alternative +name extension. Only unique email addresses will be printed out: it will +not print the same address more than once. +.SH "CERTIFICATE EXTENSIONS" +.IX Header "CERTIFICATE EXTENSIONS" +The \fB\-purpose\fR option checks the certificate extensions and determines +what the certificate can be used for. The actual checks done are rather +complex and include various hacks and workarounds to handle broken +certificates and software. +.PP +The same code is used when verifying untrusted certificates in chains +so this section is useful if a chain is rejected by the verify code. +.PP +The basicConstraints extension \s-1CA\s0 flag is used to determine whether the +certificate can be used as a \s-1CA\s0. If the \s-1CA\s0 flag is true then it is a \s-1CA\s0, +if the \s-1CA\s0 flag is false then it is not a \s-1CA\s0. \fBAll\fR CAs should have the +\&\s-1CA\s0 flag set to true. +.PP +If the basicConstraints extension is absent then the certificate is +considered to be a \*(L"possible \s-1CA\s0\*(R" other extensions are checked according +to the intended use of the certificate. A warning is given in this case +because the certificate should really not be regarded as a \s-1CA:\s0 however +it is allowed to be a \s-1CA\s0 to work around some broken software. +.PP +If the certificate is a V1 certificate (and thus has no extensions) and +it is self signed it is also assumed to be a \s-1CA\s0 but a warning is again +given: this is to work around the problem of Verisign roots which are V1 +self signed certificates. +.PP +If the keyUsage extension is present then additional restraints are +made on the uses of the certificate. A \s-1CA\s0 certificate \fBmust\fR have the +keyCertSign bit set if the keyUsage extension is present. +.PP +The extended key usage extension places additional restrictions on the +certificate uses. If this extension is present (whether critical or not) +the key can only be used for the purposes specified. +.PP +A complete description of each test is given below. The comments about +basicConstraints and keyUsage and V1 certificates above apply to \fBall\fR +\&\s-1CA\s0 certificates. +.Ip "\fB\s-1SSL\s0 Client\fR" 4 +.IX Item "SSL Client" +The extended key usage extension must be absent or include the \*(L"web client +authentication\*(R" \s-1OID\s0. keyUsage must be absent or it must have the +digitalSignature bit set. Netscape certificate type must be absent or it must +have the \s-1SSL\s0 client bit set. +.Ip "\fB\s-1SSL\s0 Client \s-1CA\s0\fR" 4 +.IX Item "SSL Client CA" +The extended key usage extension must be absent or include the \*(L"web client +authentication\*(R" \s-1OID\s0. Netscape certificate type must be absent or it must have +the \s-1SSL\s0 \s-1CA\s0 bit set: this is used as a work around if the basicConstraints +extension is absent. +.Ip "\fB\s-1SSL\s0 Server\fR" 4 +.IX Item "SSL Server" +The extended key usage extension must be absent or include the \*(L"web server +authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. keyUsage must be absent or it +must have the digitalSignature, the keyEncipherment set or both bits set. +Netscape certificate type must be absent or have the \s-1SSL\s0 server bit set. +.Ip "\fB\s-1SSL\s0 Server \s-1CA\s0\fR" 4 +.IX Item "SSL Server CA" +The extended key usage extension must be absent or include the \*(L"web server +authentication\*(R" and/or one of the \s-1SGC\s0 OIDs. Netscape certificate type must +be absent or the \s-1SSL\s0 \s-1CA\s0 bit must be set: this is used as a work around if the +basicConstraints extension is absent. +.Ip "\fBNetscape \s-1SSL\s0 Server\fR" 4 +.IX Item "Netscape SSL Server" +For Netscape \s-1SSL\s0 clients to connect to an \s-1SSL\s0 server it must have the +keyEncipherment bit set if the keyUsage extension is present. This isn't +always valid because some cipher suites use the key for digital signing. +Otherwise it is the same as a normal \s-1SSL\s0 server. +.Ip "\fBCommon S/MIME Client Tests\fR" 4 +.IX Item "Common S/MIME Client Tests" +The extended key usage extension must be absent or include the \*(L"email +protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or should have the +S/MIME bit set. If the S/MIME bit is not set in netscape certificate type +then the \s-1SSL\s0 client bit is tolerated as an alternative but a warning is shown: +this is because some Verisign certificates don't set the S/MIME bit. +.Ip "\fBS/MIME Signing\fR" 4 +.IX Item "S/MIME Signing" +In addition to the common S/MIME client tests the digitalSignature bit must +be set if the keyUsage extension is present. +.Ip "\fBS/MIME Encryption\fR" 4 +.IX Item "S/MIME Encryption" +In addition to the common S/MIME tests the keyEncipherment bit must be set +if the keyUsage extension is present. +.Ip "\fBS/MIME \s-1CA\s0\fR" 4 +.IX Item "S/MIME CA" +The extended key usage extension must be absent or include the \*(L"email +protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or must have the +S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints +extension is absent. +.Ip "\fB\s-1CRL\s0 Signing\fR" 4 +.IX Item "CRL Signing" +The keyUsage extension must be absent or it must have the \s-1CRL\s0 signing bit +set. +.Ip "\fB\s-1CRL\s0 Signing \s-1CA\s0\fR" 4 +.IX Item "CRL Signing CA" +The normal \s-1CA\s0 tests apply. Except in this case the basicConstraints extension +must be present. +.SH "BUGS" +.IX Header "BUGS" +Extensions in certificates are not transferred to certificate requests and +vice versa. +.PP +It is possible to produce invalid certificates or requests by specifying the +wrong private key or using inconsistent options in some cases: these should +be checked. +.PP +There should be options to explicitly set such things as start and end +dates rather than an offset from the current time. +.PP +The code to implement the verify behaviour described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR +is currently being developed. It thus describes the intended behaviour rather +than the current behaviour. It is hoped that it will represent reality in +OpenSSL 0.9.5 and later. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +req(1), ca(1), genrsa(1), +gendsa(1), verify(1) |
