diff options
| author | sjg <sjg@FreeBSD.org> | 2014-11-19 01:07:58 +0000 |
|---|---|---|
| committer | sjg <sjg@FreeBSD.org> | 2014-11-19 01:07:58 +0000 |
| commit | b137080f19736ee33fede2e88bb54438604cf86b (patch) | |
| tree | 377ac0ac449528621eb192cd245adadb5fd53668 /secure | |
| parent | ab21a29eb607d4dfe389b965fbdee27558e791aa (diff) | |
| parent | 4a8d07956d121238d006d34ffe7d6269744e8b1a (diff) | |
| download | FreeBSD-src-b137080f19736ee33fede2e88bb54438604cf86b.zip FreeBSD-src-b137080f19736ee33fede2e88bb54438604cf86b.tar.gz | |
Merge from head@274682
Diffstat (limited to 'secure')
350 files changed, 1459 insertions, 561 deletions
diff --git a/secure/lib/libcrypto/Makefile.inc b/secure/lib/libcrypto/Makefile.inc index 8fb841b..adc9fbf 100644 --- a/secure/lib/libcrypto/Makefile.inc +++ b/secure/lib/libcrypto/Makefile.inc @@ -3,8 +3,8 @@ .include <bsd.own.mk> # OpenSSL version used for manual page generation -OPENSSL_VER= 1.0.1h -OPENSSL_DATE= 2014-06-05 +OPENSSL_VER= 1.0.1j +OPENSSL_DATE= 2014-10-15 LCRYPTO_SRC= ${.CURDIR}/../../../crypto/openssl LCRYPTO_DOC= ${.CURDIR}/../../../crypto/openssl/doc diff --git a/secure/lib/libcrypto/Makefile.man b/secure/lib/libcrypto/Makefile.man index 2b88bd3..095356e 100644 --- a/secure/lib/libcrypto/Makefile.man +++ b/secure/lib/libcrypto/Makefile.man @@ -47,6 +47,7 @@ MAN+= BN_swap.3 MAN+= BN_zero.3 MAN+= CMS_add0_cert.3 MAN+= CMS_add1_recipient_cert.3 +MAN+= CMS_add1_signer.3 MAN+= CMS_compress.3 MAN+= CMS_decrypt.3 MAN+= CMS_encrypt.3 @@ -56,7 +57,6 @@ MAN+= CMS_get0_SignerInfos.3 MAN+= CMS_get0_type.3 MAN+= CMS_get1_ReceiptRequest.3 MAN+= CMS_sign.3 -MAN+= CMS_sign_add1_signer.3 MAN+= CMS_sign_receipt.3 MAN+= CMS_uncompress.3 MAN+= CMS_verify.3 @@ -397,6 +397,7 @@ MLINKS+= CMS_add0_cert.3 CMS_get1_certs.3 MLINKS+= CMS_add0_cert.3 CMS_add0_crl.3 MLINKS+= CMS_add0_cert.3 CMS_get1_crls.3 MLINKS+= CMS_add1_recipient_cert.3 CMS_add0_recipient_key.3 +MLINKS+= CMS_add1_signer.3 CMS_SignerInfo_sign.3 MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_type.3 MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_ktri_get0_signer_id.3 MLINKS+= CMS_get0_RecipientInfos.3 CMS_RecipientInfo_ktri_cert_cmp.3 @@ -413,7 +414,6 @@ MLINKS+= CMS_get0_type.3 CMS_get0_eContentType.3 MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_create0.3 MLINKS+= CMS_get1_ReceiptRequest.3 CMS_add1_ReceiptRequest.3 MLINKS+= CMS_get1_ReceiptRequest.3 CMS_ReceiptRequest_get0_values.3 -MLINKS+= CMS_sign_add1_signer.3 CMS_SignerInfo_sign.3 MLINKS+= CONF_modules_free.3 CONF_modules_finish.3 MLINKS+= CONF_modules_free.3 CONF_modules_unload.3 MLINKS+= CONF_modules_load_file.3 CONF_modules_load.3 diff --git a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 index b9c86e8..71ed173 100644 --- a/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 +++ b/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_OBJECT_new 3" -.TH ASN1_OBJECT_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ASN1_OBJECT_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_length.3 b/secure/lib/libcrypto/man/ASN1_STRING_length.3 index 6e0d228..2be88a3 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_length.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_length.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_length 3" -.TH ASN1_STRING_length 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ASN1_STRING_length 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_new.3 b/secure/lib/libcrypto/man/ASN1_STRING_new.3 index badbba1..9fce1c9 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_new.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_new 3" -.TH ASN1_STRING_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ASN1_STRING_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 index 1426345..ba782a8 100644 --- a/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 +++ b/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_STRING_print_ex 3" -.TH ASN1_STRING_print_ex 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ASN1_STRING_print_ex 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 index 61bb3c0..91a2fbb 100644 --- a/secure/lib/libcrypto/man/ASN1_generate_nconf.3 +++ b/secure/lib/libcrypto/man/ASN1_generate_nconf.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1_generate_nconf 3" -.TH ASN1_generate_nconf 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ASN1_generate_nconf 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -178,7 +178,7 @@ Encode the \fB\s-1NULL\s0\fR type, the \fBvalue\fR string must not be present. .IP "\fB\s-1INTEGER\s0\fR, \fB\s-1INT\s0\fR" 2 .IX Item "INTEGER, INT" Encodes an \s-1ASN1\s0 \fB\s-1INTEGER\s0\fR type. The \fBvalue\fR string represents -the value of the integer, it can be preceeded by a minus sign and +the value of the integer, it can be prefaced by a minus sign and is normally interpreted as a decimal value unless the prefix \fB0x\fR is included. .IP "\fB\s-1ENUMERATED\s0\fR, \fB\s-1ENUM\s0\fR" 2 diff --git a/secure/lib/libcrypto/man/BIO_ctrl.3 b/secure/lib/libcrypto/man/BIO_ctrl.3 index 4be5105..5471335 100644 --- a/secure/lib/libcrypto/man/BIO_ctrl.3 +++ b/secure/lib/libcrypto/man/BIO_ctrl.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_ctrl 3" -.TH BIO_ctrl 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_ctrl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_base64.3 b/secure/lib/libcrypto/man/BIO_f_base64.3 index ac14a73..c9ae354 100644 --- a/secure/lib/libcrypto/man/BIO_f_base64.3 +++ b/secure/lib/libcrypto/man/BIO_f_base64.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_base64 3" -.TH BIO_f_base64 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_f_base64 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -172,11 +172,11 @@ to standard output: \& \& b64 = BIO_new(BIO_f_base64()); \& bio = BIO_new_fp(stdout, BIO_NOCLOSE); -\& bio = BIO_push(b64, bio); -\& BIO_write(bio, message, strlen(message)); -\& BIO_flush(bio); +\& BIO_push(b64, bio); +\& BIO_write(b64, message, strlen(message)); +\& BIO_flush(b64); \& -\& BIO_free_all(bio); +\& BIO_free_all(b64); .Ve .PP Read Base64 encoded data from standard input and write the decoded @@ -190,11 +190,12 @@ data to standard output: \& b64 = BIO_new(BIO_f_base64()); \& bio = BIO_new_fp(stdin, BIO_NOCLOSE); \& bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); -\& bio = BIO_push(b64, bio); -\& while((inlen = BIO_read(bio, inbuf, 512)) > 0) +\& BIO_push(b64, bio); +\& while((inlen = BIO_read(b64, inbuf, 512)) > 0) \& BIO_write(bio_out, inbuf, inlen); \& -\& BIO_free_all(bio); +\& BIO_flush(bio_out); +\& BIO_free_all(b64); .Ve .SH "BUGS" .IX Header "BUGS" diff --git a/secure/lib/libcrypto/man/BIO_f_buffer.3 b/secure/lib/libcrypto/man/BIO_f_buffer.3 index 071f33f..e5be835 100644 --- a/secure/lib/libcrypto/man/BIO_f_buffer.3 +++ b/secure/lib/libcrypto/man/BIO_f_buffer.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_buffer 3" -.TH BIO_f_buffer 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_f_buffer 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_cipher.3 b/secure/lib/libcrypto/man/BIO_f_cipher.3 index 37d7b93..6e0a0c3 100644 --- a/secure/lib/libcrypto/man/BIO_f_cipher.3 +++ b/secure/lib/libcrypto/man/BIO_f_cipher.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_cipher 3" -.TH BIO_f_cipher 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_f_cipher 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_md.3 b/secure/lib/libcrypto/man/BIO_f_md.3 index 20ef45f..57a7e58 100644 --- a/secure/lib/libcrypto/man/BIO_f_md.3 +++ b/secure/lib/libcrypto/man/BIO_f_md.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_md 3" -.TH BIO_f_md 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_f_md 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_null.3 b/secure/lib/libcrypto/man/BIO_f_null.3 index ed6d5f9..c90186f 100644 --- a/secure/lib/libcrypto/man/BIO_f_null.3 +++ b/secure/lib/libcrypto/man/BIO_f_null.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_null 3" -.TH BIO_f_null 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_f_null 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_f_ssl.3 b/secure/lib/libcrypto/man/BIO_f_ssl.3 index 0bd6b14..f16c971 100644 --- a/secure/lib/libcrypto/man/BIO_f_ssl.3 +++ b/secure/lib/libcrypto/man/BIO_f_ssl.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_f_ssl 3" -.TH BIO_f_ssl 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_f_ssl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_find_type.3 b/secure/lib/libcrypto/man/BIO_find_type.3 index 573498a..f0af94a 100644 --- a/secure/lib/libcrypto/man/BIO_find_type.3 +++ b/secure/lib/libcrypto/man/BIO_find_type.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_find_type 3" -.TH BIO_find_type 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_find_type 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_new.3 b/secure/lib/libcrypto/man/BIO_new.3 index 0b69ef4..7d47353 100644 --- a/secure/lib/libcrypto/man/BIO_new.3 +++ b/secure/lib/libcrypto/man/BIO_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new 3" -.TH BIO_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_new_CMS.3 b/secure/lib/libcrypto/man/BIO_new_CMS.3 index 04f95ba..650cf59 100644 --- a/secure/lib/libcrypto/man/BIO_new_CMS.3 +++ b/secure/lib/libcrypto/man/BIO_new_CMS.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_new_CMS 3" -.TH BIO_new_CMS 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_new_CMS 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_push.3 b/secure/lib/libcrypto/man/BIO_push.3 index 07542fe..f2f4fc0 100644 --- a/secure/lib/libcrypto/man/BIO_push.3 +++ b/secure/lib/libcrypto/man/BIO_push.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_push 3" -.TH BIO_push 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_push 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,7 +168,7 @@ If the call: \& BIO_push(b64, f); .Ve .PP -is made then the new chain will be \fBb64\-chain\fR. After making the calls +is made then the new chain will be \fBb64\-f\fR. After making the calls .PP .Vb 2 \& BIO_push(md2, b64); diff --git a/secure/lib/libcrypto/man/BIO_read.3 b/secure/lib/libcrypto/man/BIO_read.3 index fa10514..7778c2e 100644 --- a/secure/lib/libcrypto/man/BIO_read.3 +++ b/secure/lib/libcrypto/man/BIO_read.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_read 3" -.TH BIO_read 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_read 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_accept.3 b/secure/lib/libcrypto/man/BIO_s_accept.3 index c60982b..e370a9e 100644 --- a/secure/lib/libcrypto/man/BIO_s_accept.3 +++ b/secure/lib/libcrypto/man/BIO_s_accept.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_accept 3" -.TH BIO_s_accept 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_s_accept 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -187,8 +187,8 @@ the accept socket. See \fIBIO_s_fd\fR\|(3) \&\fIBIO_set_accept_port()\fR uses the string \fBname\fR to set the accept port. The port is represented as a string of the form \*(L"host:port\*(R", where \*(L"host\*(R" is the interface to use and \*(L"port\*(R" is the port. -Either or both values can be \*(L"*\*(R" which is interpreted as meaning -any interface or port respectively. \*(L"port\*(R" has the same syntax +The host can be can be \*(L"*\*(R" which is interpreted as meaning +any interface; \*(L"port\*(R" has the same syntax as the port specified in \fIBIO_set_conn_port()\fR for connect BIOs, that is it can be a numerical port string or a string to lookup using \fIgetservbyname()\fR and a string table. diff --git a/secure/lib/libcrypto/man/BIO_s_bio.3 b/secure/lib/libcrypto/man/BIO_s_bio.3 index 4891302..6aaa478 100644 --- a/secure/lib/libcrypto/man/BIO_s_bio.3 +++ b/secure/lib/libcrypto/man/BIO_s_bio.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_bio 3" -.TH BIO_s_bio 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_s_bio 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_connect.3 b/secure/lib/libcrypto/man/BIO_s_connect.3 index 74b6d2d..a51cc92 100644 --- a/secure/lib/libcrypto/man/BIO_s_connect.3 +++ b/secure/lib/libcrypto/man/BIO_s_connect.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_connect 3" -.TH BIO_s_connect 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_s_connect 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_fd.3 b/secure/lib/libcrypto/man/BIO_s_fd.3 index 16b20e0..6fd7657 100644 --- a/secure/lib/libcrypto/man/BIO_s_fd.3 +++ b/secure/lib/libcrypto/man/BIO_s_fd.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_fd 3" -.TH BIO_s_fd 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_s_fd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_file.3 b/secure/lib/libcrypto/man/BIO_s_file.3 index 337f2b2..337a9dd 100644 --- a/secure/lib/libcrypto/man/BIO_s_file.3 +++ b/secure/lib/libcrypto/man/BIO_s_file.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_file 3" -.TH BIO_s_file 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_s_file 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_mem.3 b/secure/lib/libcrypto/man/BIO_s_mem.3 index b911551..72421dc 100644 --- a/secure/lib/libcrypto/man/BIO_s_mem.3 +++ b/secure/lib/libcrypto/man/BIO_s_mem.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_mem 3" -.TH BIO_s_mem 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_s_mem 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_null.3 b/secure/lib/libcrypto/man/BIO_s_null.3 index 9b89c30..0bdfee4 100644 --- a/secure/lib/libcrypto/man/BIO_s_null.3 +++ b/secure/lib/libcrypto/man/BIO_s_null.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_null 3" -.TH BIO_s_null 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_s_null 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_s_socket.3 b/secure/lib/libcrypto/man/BIO_s_socket.3 index 7a197b6..7cf5df7 100644 --- a/secure/lib/libcrypto/man/BIO_s_socket.3 +++ b/secure/lib/libcrypto/man/BIO_s_socket.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_s_socket 3" -.TH BIO_s_socket 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_s_socket 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_set_callback.3 b/secure/lib/libcrypto/man/BIO_set_callback.3 index 398e64b..2c6618c 100644 --- a/secure/lib/libcrypto/man/BIO_set_callback.3 +++ b/secure/lib/libcrypto/man/BIO_set_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_set_callback 3" -.TH BIO_set_callback 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_set_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BIO_should_retry.3 b/secure/lib/libcrypto/man/BIO_should_retry.3 index 9da1ab9..1590f97 100644 --- a/secure/lib/libcrypto/man/BIO_should_retry.3 +++ b/secure/lib/libcrypto/man/BIO_should_retry.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BIO_should_retry 3" -.TH BIO_should_retry 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BIO_should_retry 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_BLINDING_new.3 b/secure/lib/libcrypto/man/BN_BLINDING_new.3 index a65ab18..5d7a0e8 100644 --- a/secure/lib/libcrypto/man/BN_BLINDING_new.3 +++ b/secure/lib/libcrypto/man/BN_BLINDING_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_BLINDING_new 3" -.TH BN_BLINDING_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_BLINDING_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_CTX_new.3 b/secure/lib/libcrypto/man/BN_CTX_new.3 index f878dd2..66dcd12 100644 --- a/secure/lib/libcrypto/man/BN_CTX_new.3 +++ b/secure/lib/libcrypto/man/BN_CTX_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_new 3" -.TH BN_CTX_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_CTX_start.3 b/secure/lib/libcrypto/man/BN_CTX_start.3 index 658d761..f69b705 100644 --- a/secure/lib/libcrypto/man/BN_CTX_start.3 +++ b/secure/lib/libcrypto/man/BN_CTX_start.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_CTX_start 3" -.TH BN_CTX_start 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_CTX_start 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_add.3 b/secure/lib/libcrypto/man/BN_add.3 index ac4a815..b446d4c 100644 --- a/secure/lib/libcrypto/man/BN_add.3 +++ b/secure/lib/libcrypto/man/BN_add.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_add 3" -.TH BN_add 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_add 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_add_word.3 b/secure/lib/libcrypto/man/BN_add_word.3 index 7cf46cf..33d20b4 100644 --- a/secure/lib/libcrypto/man/BN_add_word.3 +++ b/secure/lib/libcrypto/man/BN_add_word.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_add_word 3" -.TH BN_add_word 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_add_word 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_bn2bin.3 b/secure/lib/libcrypto/man/BN_bn2bin.3 index 2e378aa..9375149 100644 --- a/secure/lib/libcrypto/man/BN_bn2bin.3 +++ b/secure/lib/libcrypto/man/BN_bn2bin.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_bn2bin 3" -.TH BN_bn2bin 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_bn2bin 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_cmp.3 b/secure/lib/libcrypto/man/BN_cmp.3 index 7a1b11f..bc035ec 100644 --- a/secure/lib/libcrypto/man/BN_cmp.3 +++ b/secure/lib/libcrypto/man/BN_cmp.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_cmp 3" -.TH BN_cmp 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_cmp 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_copy.3 b/secure/lib/libcrypto/man/BN_copy.3 index 78a053a..fcf2ab5 100644 --- a/secure/lib/libcrypto/man/BN_copy.3 +++ b/secure/lib/libcrypto/man/BN_copy.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_copy 3" -.TH BN_copy 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_copy 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_generate_prime.3 b/secure/lib/libcrypto/man/BN_generate_prime.3 index 88e6573..bd8a469 100644 --- a/secure/lib/libcrypto/man/BN_generate_prime.3 +++ b/secure/lib/libcrypto/man/BN_generate_prime.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_generate_prime 3" -.TH BN_generate_prime 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_generate_prime 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_inverse.3 b/secure/lib/libcrypto/man/BN_mod_inverse.3 index 3ca39e3..5d6ce78 100644 --- a/secure/lib/libcrypto/man/BN_mod_inverse.3 +++ b/secure/lib/libcrypto/man/BN_mod_inverse.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_inverse 3" -.TH BN_mod_inverse 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_mod_inverse 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 index 65f3750..85c3597 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_montgomery 3" -.TH BN_mod_mul_montgomery 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_mod_mul_montgomery 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 index 5a0b52d..ef922a2 100644 --- a/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 +++ b/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_mod_mul_reciprocal 3" -.TH BN_mod_mul_reciprocal 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_mod_mul_reciprocal 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_new.3 b/secure/lib/libcrypto/man/BN_new.3 index 1f10a0b..1ecfdb5 100644 --- a/secure/lib/libcrypto/man/BN_new.3 +++ b/secure/lib/libcrypto/man/BN_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_new 3" -.TH BN_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_num_bytes.3 b/secure/lib/libcrypto/man/BN_num_bytes.3 index 0daa1db..9bdf420 100644 --- a/secure/lib/libcrypto/man/BN_num_bytes.3 +++ b/secure/lib/libcrypto/man/BN_num_bytes.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_num_bytes 3" -.TH BN_num_bytes 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_num_bytes 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_rand.3 b/secure/lib/libcrypto/man/BN_rand.3 index 936c48f..c86aeb0 100644 --- a/secure/lib/libcrypto/man/BN_rand.3 +++ b/secure/lib/libcrypto/man/BN_rand.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_rand 3" -.TH BN_rand 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_rand 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_set_bit.3 b/secure/lib/libcrypto/man/BN_set_bit.3 index b3001ce..11fac7d 100644 --- a/secure/lib/libcrypto/man/BN_set_bit.3 +++ b/secure/lib/libcrypto/man/BN_set_bit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_set_bit 3" -.TH BN_set_bit 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_set_bit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_swap.3 b/secure/lib/libcrypto/man/BN_swap.3 index 201c9d8..1c30db1 100644 --- a/secure/lib/libcrypto/man/BN_swap.3 +++ b/secure/lib/libcrypto/man/BN_swap.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_swap 3" -.TH BN_swap 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_swap 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/BN_zero.3 b/secure/lib/libcrypto/man/BN_zero.3 index 9cd0d6c..ffc9f55 100644 --- a/secure/lib/libcrypto/man/BN_zero.3 +++ b/secure/lib/libcrypto/man/BN_zero.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "BN_zero 3" -.TH BN_zero 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH BN_zero 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_add0_cert.3 b/secure/lib/libcrypto/man/CMS_add0_cert.3 index 4903530..1a549bb 100644 --- a/secure/lib/libcrypto/man/CMS_add0_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add0_cert.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add0_cert 3" -.TH CMS_add0_cert 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_add0_cert 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 index da6657e..f40e50e 100644 --- a/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 +++ b/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_add1_recipient_cert 3" -.TH CMS_add1_recipient_cert 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_add1_recipient_cert 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_sign_add1_signer.3 b/secure/lib/libcrypto/man/CMS_add1_signer.3 index cd42f73..8eb6505 100644 --- a/secure/lib/libcrypto/man/CMS_sign_add1_signer.3 +++ b/secure/lib/libcrypto/man/CMS_add1_signer.3 @@ -123,28 +123,28 @@ .rm #[ #] #H #V #F C .\" ======================================================================== .\" -.IX Title "CMS_sign_add1_signer 3" -.TH CMS_sign_add1_signer 3 "2014-06-05" "1.0.1h" "OpenSSL" +.IX Title "CMS_add1_signer 3" +.TH CMS_add1_signer 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" .Vb 1 -\& CMS_sign_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure. +\& CMS_add1_signer, CMS_SignerInfo_sign \- add a signer to a CMS_ContentInfo signed data structure. .Ve .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& #include <openssl/cms.h> \& -\& CMS_SignerInfo *CMS_sign_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags); +\& CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags); \& \& int CMS_SignerInfo_sign(CMS_SignerInfo *si); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fICMS_sign_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private +\&\fICMS_add1_signer()\fR adds a signer with certificate \fBsigncert\fR and private key \fBpkey\fR using message digest \fBmd\fR to CMS_ContentInfo SignedData structure \fBcms\fR. .PP @@ -164,7 +164,7 @@ structure, its main use is when \fB\s-1CMS_REUSE_DIGEST\s0\fR and \fB\s-1CMS_PAR are both set. .SH "NOTES" .IX Header "NOTES" -The main purpose of \fICMS_sign_add1_signer()\fR is to provide finer control +The main purpose of \fICMS_add1_signer()\fR is to provide finer control over a \s-1CMS\s0 signed data structure where the simpler \fICMS_sign()\fR function defaults are not appropriate. For example if multiple signers or non default digest algorithms are needed. New attributes can also be added using the returned @@ -208,12 +208,12 @@ bit \s-1AES\s0, 128 bit \s-1AES\s0, triple \s-1DES\s0, 128 bit \s-1RC2\s0, 64 bi If any of these algorithms is not available then it will not be included: for example the \s-1GOST\s0 algorithms will not be included if the \s-1GOST\s0 \s-1ENGINE\s0 is not loaded. .PP -\&\fICMS_sign_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo +\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo structure just added, this can be used to set additional attributes before it is finalized. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fICMS_sign1_add_signers()\fR returns an internal pointer to the CMS_SignerInfo +\&\fICMS_add1_signer()\fR returns an internal pointer to the CMS_SignerInfo structure just added or \s-1NULL\s0 if an error occurs. .SH "SEE ALSO" .IX Header "SEE ALSO" @@ -221,4 +221,4 @@ structure just added or \s-1NULL\s0 if an error occurs. \&\fICMS_final\fR\|(3), .SH "HISTORY" .IX Header "HISTORY" -\&\fICMS_sign_add1_signer()\fR was added to OpenSSL 0.9.8 +\&\fICMS_add1_signer()\fR was added to OpenSSL 0.9.8 diff --git a/secure/lib/libcrypto/man/CMS_compress.3 b/secure/lib/libcrypto/man/CMS_compress.3 index 5775615..0e6af65 100644 --- a/secure/lib/libcrypto/man/CMS_compress.3 +++ b/secure/lib/libcrypto/man/CMS_compress.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_compress 3" -.TH CMS_compress 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_compress 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_decrypt.3 b/secure/lib/libcrypto/man/CMS_decrypt.3 index c3bb343..7b2e424 100644 --- a/secure/lib/libcrypto/man/CMS_decrypt.3 +++ b/secure/lib/libcrypto/man/CMS_decrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_decrypt 3" -.TH CMS_decrypt 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_decrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_encrypt.3 b/secure/lib/libcrypto/man/CMS_encrypt.3 index fb76dcc..d37152e 100644 --- a/secure/lib/libcrypto/man/CMS_encrypt.3 +++ b/secure/lib/libcrypto/man/CMS_encrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_encrypt 3" -.TH CMS_encrypt 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_final.3 b/secure/lib/libcrypto/man/CMS_final.3 index 8900389..fb8afcb 100644 --- a/secure/lib/libcrypto/man/CMS_final.3 +++ b/secure/lib/libcrypto/man/CMS_final.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_final 3" -.TH CMS_final 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_final 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 index dd8266b..d6e4766 100644 --- a/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_RecipientInfos 3" -.TH CMS_get0_RecipientInfos 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_get0_RecipientInfos 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 index 016f184..e52b9c6 100644 --- a/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 +++ b/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_SignerInfos 3" -.TH CMS_get0_SignerInfos 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_get0_SignerInfos 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get0_type.3 b/secure/lib/libcrypto/man/CMS_get0_type.3 index 3fa2bdb..1a848ae 100644 --- a/secure/lib/libcrypto/man/CMS_get0_type.3 +++ b/secure/lib/libcrypto/man/CMS_get0_type.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get0_type 3" -.TH CMS_get0_type 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_get0_type 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 index 3a74614..bd41eb8 100644 --- a/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 +++ b/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_get1_ReceiptRequest 3" -.TH CMS_get1_ReceiptRequest 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_get1_ReceiptRequest 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_sign.3 b/secure/lib/libcrypto/man/CMS_sign.3 index 5936b29..a1430ad 100644 --- a/secure/lib/libcrypto/man/CMS_sign.3 +++ b/secure/lib/libcrypto/man/CMS_sign.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_sign 3" -.TH CMS_sign 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_sign_receipt.3 b/secure/lib/libcrypto/man/CMS_sign_receipt.3 index 4c73d60..17c157f 100644 --- a/secure/lib/libcrypto/man/CMS_sign_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_sign_receipt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_sign_receipt 3" -.TH CMS_sign_receipt 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_sign_receipt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_uncompress.3 b/secure/lib/libcrypto/man/CMS_uncompress.3 index 7691da8..812002e 100644 --- a/secure/lib/libcrypto/man/CMS_uncompress.3 +++ b/secure/lib/libcrypto/man/CMS_uncompress.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_uncompress 3" -.TH CMS_uncompress 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_uncompress 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_verify.3 b/secure/lib/libcrypto/man/CMS_verify.3 index 4205f97..acdccc2 100644 --- a/secure/lib/libcrypto/man/CMS_verify.3 +++ b/secure/lib/libcrypto/man/CMS_verify.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_verify 3" -.TH CMS_verify 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_verify 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CMS_verify_receipt.3 b/secure/lib/libcrypto/man/CMS_verify_receipt.3 index 7d2a2be..460634b 100644 --- a/secure/lib/libcrypto/man/CMS_verify_receipt.3 +++ b/secure/lib/libcrypto/man/CMS_verify_receipt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS_verify_receipt 3" -.TH CMS_verify_receipt 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS_verify_receipt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CONF_modules_free.3 b/secure/lib/libcrypto/man/CONF_modules_free.3 index 5058492..0e75a1f 100644 --- a/secure/lib/libcrypto/man/CONF_modules_free.3 +++ b/secure/lib/libcrypto/man/CONF_modules_free.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_free 3" -.TH CONF_modules_free 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CONF_modules_free 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CONF_modules_load_file.3 b/secure/lib/libcrypto/man/CONF_modules_load_file.3 index 1411089..7d00b03 100644 --- a/secure/lib/libcrypto/man/CONF_modules_load_file.3 +++ b/secure/lib/libcrypto/man/CONF_modules_load_file.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CONF_modules_load_file 3" -.TH CONF_modules_load_file 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CONF_modules_load_file 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 index 0caf575..1bcd3ef 100644 --- a/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 +++ b/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CRYPTO_set_ex_data 3" -.TH CRYPTO_set_ex_data 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CRYPTO_set_ex_data 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_generate_key.3 b/secure/lib/libcrypto/man/DH_generate_key.3 index 076185c..aac2544 100644 --- a/secure/lib/libcrypto/man/DH_generate_key.3 +++ b/secure/lib/libcrypto/man/DH_generate_key.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_key 3" -.TH DH_generate_key 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DH_generate_key 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_generate_parameters.3 b/secure/lib/libcrypto/man/DH_generate_parameters.3 index 9b257c1..fba24a7 100644 --- a/secure/lib/libcrypto/man/DH_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DH_generate_parameters.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_generate_parameters 3" -.TH DH_generate_parameters 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DH_generate_parameters 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 index 0a3f49b..fb8f1f0 100644 --- a/secure/lib/libcrypto/man/DH_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DH_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_get_ex_new_index 3" -.TH DH_get_ex_new_index 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DH_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_new.3 b/secure/lib/libcrypto/man/DH_new.3 index 2b6e703..d16ab5a 100644 --- a/secure/lib/libcrypto/man/DH_new.3 +++ b/secure/lib/libcrypto/man/DH_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_new 3" -.TH DH_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DH_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_set_method.3 b/secure/lib/libcrypto/man/DH_set_method.3 index 98d0a8b..8868f61 100644 --- a/secure/lib/libcrypto/man/DH_set_method.3 +++ b/secure/lib/libcrypto/man/DH_set_method.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_set_method 3" -.TH DH_set_method 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DH_set_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DH_size.3 b/secure/lib/libcrypto/man/DH_size.3 index fe8b762..c1aa7e7 100644 --- a/secure/lib/libcrypto/man/DH_size.3 +++ b/secure/lib/libcrypto/man/DH_size.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DH_size 3" -.TH DH_size 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DH_size 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_SIG_new.3 b/secure/lib/libcrypto/man/DSA_SIG_new.3 index bf44edb..5d57e16 100644 --- a/secure/lib/libcrypto/man/DSA_SIG_new.3 +++ b/secure/lib/libcrypto/man/DSA_SIG_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_SIG_new 3" -.TH DSA_SIG_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DSA_SIG_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_do_sign.3 b/secure/lib/libcrypto/man/DSA_do_sign.3 index 05ed9bb..bd3b157 100644 --- a/secure/lib/libcrypto/man/DSA_do_sign.3 +++ b/secure/lib/libcrypto/man/DSA_do_sign.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_do_sign 3" -.TH DSA_do_sign 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DSA_do_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_dup_DH.3 b/secure/lib/libcrypto/man/DSA_dup_DH.3 index 6e3bdb5..539bbe8 100644 --- a/secure/lib/libcrypto/man/DSA_dup_DH.3 +++ b/secure/lib/libcrypto/man/DSA_dup_DH.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_dup_DH 3" -.TH DSA_dup_DH 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DSA_dup_DH 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_generate_key.3 b/secure/lib/libcrypto/man/DSA_generate_key.3 index e26bce1..831de26 100644 --- a/secure/lib/libcrypto/man/DSA_generate_key.3 +++ b/secure/lib/libcrypto/man/DSA_generate_key.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_key 3" -.TH DSA_generate_key 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DSA_generate_key 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_generate_parameters.3 b/secure/lib/libcrypto/man/DSA_generate_parameters.3 index 9108849..6114d3b 100644 --- a/secure/lib/libcrypto/man/DSA_generate_parameters.3 +++ b/secure/lib/libcrypto/man/DSA_generate_parameters.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_generate_parameters 3" -.TH DSA_generate_parameters 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DSA_generate_parameters 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 index 5bf8cb5..0387194 100644 --- a/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_get_ex_new_index 3" -.TH DSA_get_ex_new_index 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DSA_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_new.3 b/secure/lib/libcrypto/man/DSA_new.3 index d393c7a..e1aa0ca 100644 --- a/secure/lib/libcrypto/man/DSA_new.3 +++ b/secure/lib/libcrypto/man/DSA_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_new 3" -.TH DSA_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DSA_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_set_method.3 b/secure/lib/libcrypto/man/DSA_set_method.3 index 5c21c97..baefa6d 100644 --- a/secure/lib/libcrypto/man/DSA_set_method.3 +++ b/secure/lib/libcrypto/man/DSA_set_method.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_set_method 3" -.TH DSA_set_method 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DSA_set_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_sign.3 b/secure/lib/libcrypto/man/DSA_sign.3 index 4c2b6f0..58ed2de 100644 --- a/secure/lib/libcrypto/man/DSA_sign.3 +++ b/secure/lib/libcrypto/man/DSA_sign.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_sign 3" -.TH DSA_sign 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DSA_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/DSA_size.3 b/secure/lib/libcrypto/man/DSA_size.3 index 60f8528..c689c06 100644 --- a/secure/lib/libcrypto/man/DSA_size.3 +++ b/secure/lib/libcrypto/man/DSA_size.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA_size 3" -.TH DSA_size 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DSA_size 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_GET_LIB.3 b/secure/lib/libcrypto/man/ERR_GET_LIB.3 index 27b7202..ebdfa01 100644 --- a/secure/lib/libcrypto/man/ERR_GET_LIB.3 +++ b/secure/lib/libcrypto/man/ERR_GET_LIB.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_GET_LIB 3" -.TH ERR_GET_LIB 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ERR_GET_LIB 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_clear_error.3 b/secure/lib/libcrypto/man/ERR_clear_error.3 index 9b0c35b..24fd7f3 100644 --- a/secure/lib/libcrypto/man/ERR_clear_error.3 +++ b/secure/lib/libcrypto/man/ERR_clear_error.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_clear_error 3" -.TH ERR_clear_error 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ERR_clear_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_error_string.3 b/secure/lib/libcrypto/man/ERR_error_string.3 index 670034f..ddacdc9 100644 --- a/secure/lib/libcrypto/man/ERR_error_string.3 +++ b/secure/lib/libcrypto/man/ERR_error_string.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_error_string 3" -.TH ERR_error_string 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ERR_error_string 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_get_error.3 b/secure/lib/libcrypto/man/ERR_get_error.3 index 21559a0..8110d43 100644 --- a/secure/lib/libcrypto/man/ERR_get_error.3 +++ b/secure/lib/libcrypto/man/ERR_get_error.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_get_error 3" -.TH ERR_get_error 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ERR_get_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -177,7 +177,7 @@ additionally store the file name and line number where the error occurred in *\fBfile\fR and *\fBline\fR, unless these are \fB\s-1NULL\s0\fR. .PP \&\fIERR_get_error_line_data()\fR, \fIERR_peek_error_line_data()\fR and -\&\fIERR_get_last_error_line_data()\fR store additional data and flags +\&\fIERR_peek_last_error_line_data()\fR store additional data and flags associated with the error code in *\fBdata\fR and *\fBflags\fR, unless these are \fB\s-1NULL\s0\fR. *\fBdata\fR contains a string if *\fBflags\fR&\fB\s-1ERR_TXT_STRING\s0\fR is true. diff --git a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 index f98a8f6..aafb918 100644 --- a/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_crypto_strings 3" -.TH ERR_load_crypto_strings 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ERR_load_crypto_strings 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_load_strings.3 b/secure/lib/libcrypto/man/ERR_load_strings.3 index a545361..6683dd5 100644 --- a/secure/lib/libcrypto/man/ERR_load_strings.3 +++ b/secure/lib/libcrypto/man/ERR_load_strings.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_load_strings 3" -.TH ERR_load_strings 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ERR_load_strings 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_print_errors.3 b/secure/lib/libcrypto/man/ERR_print_errors.3 index 00f6575..bc81b5d 100644 --- a/secure/lib/libcrypto/man/ERR_print_errors.3 +++ b/secure/lib/libcrypto/man/ERR_print_errors.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_print_errors 3" -.TH ERR_print_errors 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ERR_print_errors 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_put_error.3 b/secure/lib/libcrypto/man/ERR_put_error.3 index 2d73735..33820a7 100644 --- a/secure/lib/libcrypto/man/ERR_put_error.3 +++ b/secure/lib/libcrypto/man/ERR_put_error.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_put_error 3" -.TH ERR_put_error 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ERR_put_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_remove_state.3 b/secure/lib/libcrypto/man/ERR_remove_state.3 index 602179f..db9228c 100644 --- a/secure/lib/libcrypto/man/ERR_remove_state.3 +++ b/secure/lib/libcrypto/man/ERR_remove_state.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_remove_state 3" -.TH ERR_remove_state 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ERR_remove_state 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ERR_set_mark.3 b/secure/lib/libcrypto/man/ERR_set_mark.3 index 9aa4ea5..3b0f52b 100644 --- a/secure/lib/libcrypto/man/ERR_set_mark.3 +++ b/secure/lib/libcrypto/man/ERR_set_mark.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERR_set_mark 3" -.TH ERR_set_mark 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ERR_set_mark 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_BytesToKey.3 b/secure/lib/libcrypto/man/EVP_BytesToKey.3 index 0890ae1..448ad2a 100644 --- a/secure/lib/libcrypto/man/EVP_BytesToKey.3 +++ b/secure/lib/libcrypto/man/EVP_BytesToKey.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_BytesToKey 3" -.TH EVP_BytesToKey 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_BytesToKey 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_DigestInit.3 b/secure/lib/libcrypto/man/EVP_DigestInit.3 index b1b51d0..0536aae 100644 --- a/secure/lib/libcrypto/man/EVP_DigestInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestInit 3" -.TH EVP_DigestInit 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_DigestInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -154,13 +154,13 @@ EVP digest routines \& int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); \& void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); \& -\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); +\& int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); \& \& int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); \& int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, \& unsigned int *s); \& -\& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); +\& int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); \& \& #define EVP_MAX_MD_SIZE 64 /* SHA512 */ \& @@ -267,7 +267,7 @@ structures for the \s-1MD2\s0, \s-1MD5\s0, \s-1SHA\s0, \s-1SHA1\s0, \s-1SHA224\s and \s-1RIPEMD160\s0 digest algorithms respectively. .PP \&\fIEVP_dss()\fR and \fIEVP_dss1()\fR return \fB\s-1EVP_MD\s0\fR structures for \s-1SHA\s0 and \s-1SHA1\s0 digest -algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. Note: there is +algorithms but using \s-1DSS\s0 (\s-1DSA\s0) for the signature algorithm. Note: there is no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are however retained for compatibility. .PP @@ -288,9 +288,8 @@ success and 0 for failure. \&\fIEVP_MD_type()\fR, \fIEVP_MD_pkey_type()\fR and \fIEVP_MD_type()\fR return the \s-1NID\s0 of the corresponding \s-1OBJECT\s0 \s-1IDENTIFIER\s0 or NID_undef if none exists. .PP -\&\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, EVP_MD_CTX_size(e), \fIEVP_MD_size()\fR, -\&\fIEVP_MD_CTX_block_size()\fR and \fIEVP_MD_block_size()\fR return the digest or block -size in bytes. +\&\fIEVP_MD_size()\fR, \fIEVP_MD_block_size()\fR, \fIEVP_MD_CTX_size()\fR and +\&\fIEVP_MD_CTX_block_size()\fR return the digest or block size in bytes. .PP \&\fIEVP_md_null()\fR, \fIEVP_md2()\fR, \fIEVP_md5()\fR, \fIEVP_sha()\fR, \fIEVP_sha1()\fR, \fIEVP_dss()\fR, \&\fIEVP_dss1()\fR, \fIEVP_mdc2()\fR and \fIEVP_ripemd160()\fR return pointers to the @@ -304,15 +303,15 @@ The \fB\s-1EVP\s0\fR interface to message digests should almost always be used i preference to the low level interfaces. This is because the code then becomes transparent to the digest used and much more flexible. .PP -New applications should use the \s-1SHA2\s0 digest algorithms such as \s-1SHA256\s0. +New applications should use the \s-1SHA2\s0 digest algorithms such as \s-1SHA256\s0. The other digest algorithms are still in common use. .PP For most applications the \fBimpl\fR parameter to \fIEVP_DigestInit_ex()\fR will be set to \s-1NULL\s0 to use the default digest implementation. .PP -The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are +The functions \fIEVP_DigestInit()\fR, \fIEVP_DigestFinal()\fR and \fIEVP_MD_CTX_copy()\fR are obsolete but are retained to maintain compatibility with existing code. New -applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and +applications should use \fIEVP_DigestInit_ex()\fR, \fIEVP_DigestFinal_ex()\fR and \&\fIEVP_MD_CTX_copy_ex()\fR because they can efficiently reuse a digest context instead of initializing and cleaning it up on each call and allow non default implementations of digests to be specified. @@ -375,15 +374,19 @@ digest name passed on the command line. \& EVP_MD_CTX_destroy(mdctx); \& \& printf("Digest is: "); -\& for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); +\& for(i = 0; i < md_len; i++) +\& printf("%02x", md_value[i]); \& printf("\en"); +\& +\& /* Call this once before exit. */ +\& EVP_cleanup(); +\& exit(0); \& } .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIevp\fR\|(3), \fIhmac\fR\|(3), \fImd2\fR\|(3), -\&\fImd5\fR\|(3), \fImdc2\fR\|(3), \fIripemd\fR\|(3), -\&\fIsha\fR\|(3), \fIdgst\fR\|(1) +\&\fIdgst\fR\|(1), +\&\fIevp\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" \&\fIEVP_DigestInit()\fR, \fIEVP_DigestUpdate()\fR and \fIEVP_DigestFinal()\fR are @@ -398,7 +401,7 @@ and \fIEVP_DigestFinal_ex()\fR were added in OpenSSL 0.9.7. changed to return truely const \s-1EVP_MD\s0 * in OpenSSL 0.9.7. .PP The link between digests and signing algorithms was fixed in OpenSSL 1.0 and -later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0, there is no need to +later, so now \fIEVP_sha1()\fR can be used with \s-1RSA\s0 and \s-1DSA\s0; there is no need to use \fIEVP_dss1()\fR any more. .PP OpenSSL 1.0 and later does not include the \s-1MD2\s0 digest algorithm in the diff --git a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 index 3e0a3bf..274d761 100644 --- a/secure/lib/libcrypto/man/EVP_DigestSignInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestSignInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestSignInit 3" -.TH EVP_DigestSignInit 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_DigestSignInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 index d2822b3..2db25cc 100644 --- a/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_DigestVerifyInit 3" -.TH EVP_DigestVerifyInit 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_DigestVerifyInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,7 +165,7 @@ or a negative value for failure. In particular a return value of \-2 indicates the operation is not supported by the public key algorithm. .PP Unlike other functions the return value 0 from \fIEVP_DigestVerifyFinal()\fR only -indicates that the signature did not not verify successfully (that is tbs did +indicates that the signature did not verify successfully (that is tbs did not match the original data or the signature was of invalid form) it is not an indication of a more serious error. .PP @@ -185,7 +185,7 @@ For some key types and parameters the random number generator must be seeded or the operation will fail. .PP The call to \fIEVP_DigestVerifyFinal()\fR internally finalizes a copy of the digest -context. This means that calls to \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can +context. This means that \fIEVP_VerifyUpdate()\fR and \fIEVP_VerifyFinal()\fR can be called later to digest and verify additional data. .PP Since only a copy of the digest context is ever finalized the context must diff --git a/secure/lib/libcrypto/man/EVP_EncryptInit.3 b/secure/lib/libcrypto/man/EVP_EncryptInit.3 index 3ea9ab2..07532b9 100644 --- a/secure/lib/libcrypto/man/EVP_EncryptInit.3 +++ b/secure/lib/libcrypto/man/EVP_EncryptInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_EncryptInit 3" -.TH EVP_EncryptInit 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_EncryptInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -452,7 +452,10 @@ bits and 12 rounds. .IX Header "NOTES" Where possible the \fB\s-1EVP\s0\fR interface to symmetric ciphers should be used in preference to the low level interfaces. This is because the code then becomes -transparent to the cipher used and much more flexible. +transparent to the cipher used and much more flexible. Additionally, the +\&\fB\s-1EVP\s0\fR interface will ensure the use of platform specific cryptographic +acceleration such as AES-NI (the low level interfaces do not provide the +guarantee). .PP \&\s-1PKCS\s0 padding works by adding \fBn\fR padding bytes of value \fBn\fR to make the total length of the encrypted data a multiple of the block size. Padding is always @@ -490,37 +493,9 @@ The \s-1ASN1\s0 code is incomplete (and sometimes inaccurate) it has only been t for certain common S/MIME ciphers (\s-1RC2\s0, \s-1DES\s0, triple \s-1DES\s0) in \s-1CBC\s0 mode. .SH "EXAMPLES" .IX Header "EXAMPLES" -Get the number of rounds used in \s-1RC5:\s0 +Encrypt a string using \s-1IDEA:\s0 .PP -.Vb 2 -\& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds); -.Ve -.PP -Get the \s-1RC2\s0 effective key length: -.PP -.Vb 2 -\& int key_bits; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); -.Ve -.PP -Set the number of rounds used in \s-1RC5:\s0 -.PP -.Vb 2 -\& int nrounds; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); -.Ve -.PP -Set the effective key length used in \s-1RC2:\s0 -.PP -.Vb 2 -\& int key_bits; -\& EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); -.Ve -.PP -Encrypt a string using blowfish: -.PP -.Vb 10 +.Vb 12 \& int do_crypt(char *outfile) \& { \& unsigned char outbuf[1024]; @@ -533,8 +508,9 @@ Encrypt a string using blowfish: \& char intext[] = "Some Crypto Text"; \& EVP_CIPHER_CTX ctx; \& FILE *out; +\& \& EVP_CIPHER_CTX_init(&ctx); -\& EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); +\& EVP_EncryptInit_ex(&ctx, EVP_idea_cbc(), NULL, key, iv); \& \& if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) \& { @@ -564,31 +540,37 @@ Encrypt a string using blowfish: .Ve .PP The ciphertext from the above example can be decrypted using the \fBopenssl\fR -utility with the command line: +utility with the command line (shown on two lines for clarity): .PP -.Vb 1 -\& S<openssl bf \-in cipher.bin \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 \-d> +.Vb 2 +\& openssl idea \-d <filename +\& \-K 000102030405060708090A0B0C0D0E0F \-iv 0102030405060708 .Ve .PP -General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC2\s0 with an -80 bit key: +General encryption and decryption function example using \s-1FILE\s0 I/O and \s-1AES128\s0 +with a 128\-bit key: .PP -.Vb 10 +.Vb 11 \& int do_crypt(FILE *in, FILE *out, int do_encrypt) \& { \& /* Allow enough space in output buffer for additional block */ -\& inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; +\& unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; \& int inlen, outlen; +\& EVP_CIPHER_CTX ctx; \& /* Bogus key and IV: we\*(Aqd normally set these from \& * another source. \& */ -\& unsigned char key[] = "0123456789"; -\& unsigned char iv[] = "12345678"; -\& /* Don\*(Aqt set key or IV because we will modify the parameters */ +\& unsigned char key[] = "0123456789abcdeF"; +\& unsigned char iv[] = "1234567887654321"; +\& +\& /* Don\*(Aqt set key or IV right away; we want to check lengths */ \& EVP_CIPHER_CTX_init(&ctx); -\& EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt); -\& EVP_CIPHER_CTX_set_key_length(&ctx, 10); -\& /* We finished modifying parameters so now we can set key and IV */ +\& EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, +\& do_encrypt); +\& OPENSSL_assert(EVP_CIPHER_CTX_key_length(&ctx) == 16); +\& OPENSSL_assert(EVP_CIPHER_CTX_iv_length(&ctx) == 16); +\& +\& /* Now we can set key and IV */ \& EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt); \& \& for(;;) @@ -624,3 +606,6 @@ General encryption, decryption function example using \s-1FILE\s0 I/O and \s-1RC \&\fIEVP_DecryptInit_ex()\fR, \fIEVP_DecryptFinal_ex()\fR, \fIEVP_CipherInit_ex()\fR, \&\fIEVP_CipherFinal_ex()\fR and \fIEVP_CIPHER_CTX_set_padding()\fR appeared in OpenSSL 0.9.7. +.PP +\&\s-1IDEA\s0 appeared in OpenSSL 0.9.7 but was often disabled due to +patent concerns; the last patents expired in 2012. diff --git a/secure/lib/libcrypto/man/EVP_OpenInit.3 b/secure/lib/libcrypto/man/EVP_OpenInit.3 index ca2cc2b..bae7da0 100644 --- a/secure/lib/libcrypto/man/EVP_OpenInit.3 +++ b/secure/lib/libcrypto/man/EVP_OpenInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_OpenInit 3" -.TH EVP_OpenInit 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_OpenInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 index edfa80f..150e1b1 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_ctrl 3" -.TH EVP_PKEY_CTX_ctrl 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_CTX_ctrl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 index 8a75d8e..dabe8b9 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_CTX_new 3" -.TH EVP_PKEY_CTX_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 index dde7731..74e8e88 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_cmp 3" -.TH EVP_PKEY_cmp 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_cmp 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 index 7923735..a59895c 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_decrypt 3" -.TH EVP_PKEY_decrypt 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_decrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 index 43b2343..e07e97c 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_derive.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_derive.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_derive 3" -.TH EVP_PKEY_derive 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_derive 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 index 832c817..63fa3d9 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_encrypt 3" -.TH EVP_PKEY_encrypt 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 index 4ab5d92..221b632 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_get_default_digest 3" -.TH EVP_PKEY_get_default_digest 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_get_default_digest 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 index 6c2a979..93b555d 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_keygen 3" -.TH EVP_PKEY_keygen 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_keygen 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_new.3 b/secure/lib/libcrypto/man/EVP_PKEY_new.3 index 66902d7..4b8f058 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_new.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_new 3" -.TH EVP_PKEY_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 index dac12c5..ae76b2a 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_print_private 3" -.TH EVP_PKEY_print_private 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_print_private 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 index 0b7d19c..b673677 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_set1_RSA 3" -.TH EVP_PKEY_set1_RSA 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_set1_RSA 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,7 +165,7 @@ EVP_PKEY_type \- EVP_PKEY assignment functions. \&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key in \fBpkey\fR or \&\fB\s-1NULL\s0\fR if the key is not of the correct type. .PP -\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR and \fIEVP_PKEY_assign_EC_KEY()\fR also set the referenced key to \fBkey\fR however these use the supplied \fBkey\fR internally and so \fBkey\fR will be freed when the parent \fBpkey\fR is freed. @@ -181,8 +181,8 @@ In accordance with the OpenSSL naming convention the key obtained from or assigned to the \fBpkey\fR using the \fB1\fR functions must be freed as well as \fBpkey\fR. .PP -\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR -\&\fIEVP_PKEY_assign_EC_KEY()\fR are implemented as macros. +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +and \fIEVP_PKEY_assign_EC_KEY()\fR are implemented as macros. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fIEVP_PKEY_set1_RSA()\fR, \fIEVP_PKEY_set1_DSA()\fR, \fIEVP_PKEY_set1_DH()\fR and @@ -192,7 +192,7 @@ freed as well as \fBpkey\fR. \&\fIEVP_PKEY_get1_EC_KEY()\fR return the referenced key or \fB\s-1NULL\s0\fR if an error occurred. .PP -\&\fIEVP_PKEY_assign_RSA()\fR \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR +\&\fIEVP_PKEY_assign_RSA()\fR, \fIEVP_PKEY_assign_DSA()\fR, \fIEVP_PKEY_assign_DH()\fR and \fIEVP_PKEY_assign_EC_KEY()\fR return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 index b353260..a53da46 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_sign.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_sign.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_sign 3" -.TH EVP_PKEY_sign 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -155,9 +155,14 @@ before the call the \fBsiglen\fR parameter should contain the length of the \&\fBsig\fR and the amount of data written to \fBsiglen\fR. .SH "NOTES" .IX Header "NOTES" +\&\fIEVP_PKEY_sign()\fR does not hash the data to be signed, and therefore is +normally used to sign digests. For signing arbitrary messages, see the +\&\fIEVP_DigestSignInit\fR\|(3) and +\&\fIEVP_SignInit\fR\|(3) signing interfaces instead. +.PP After the call to \fIEVP_PKEY_sign_init()\fR algorithm specific control operations can be performed to set any appropriate parameters for the -operation. +operation (see \fIEVP_PKEY_CTX_ctrl\fR\|(3)). .PP The function \fIEVP_PKEY_sign()\fR can be called more than once on the same context if several operations are performed using the same parameters. @@ -175,13 +180,17 @@ Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: \& #include <openssl/rsa.h> \& \& EVP_PKEY_CTX *ctx; +\& /* md is a SHA\-256 digest in this example. */ \& unsigned char *md, *sig; -\& size_t mdlen, siglen; +\& size_t mdlen = 32, siglen; \& EVP_PKEY *signing_key; -\& /* NB: assumes signing_key, md and mdlen are already set up -\& * and that signing_key is an RSA private key +\& +\& /* +\& * NB: assumes signing_key and md are set up before the next +\& * step. signing_key must be an RSA private key and md must +\& * point to the SHA\-256 digest to be signed. \& */ -\& ctx = EVP_PKEY_CTX_new(signing_key); +\& ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); \& if (!ctx) \& /* Error occurred */ \& if (EVP_PKEY_sign_init(ctx) <= 0) @@ -208,6 +217,7 @@ Sign data using \s-1RSA\s0 with PKCS#1 padding and \s-1SHA256\s0 digest: .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIEVP_PKEY_CTX_new\fR\|(3), +\&\fIEVP_PKEY_CTX_ctrl\fR\|(3), \&\fIEVP_PKEY_encrypt\fR\|(3), \&\fIEVP_PKEY_decrypt\fR\|(3), \&\fIEVP_PKEY_verify\fR\|(3), diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 index 7309984..90d6c8c 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_verify 3" -.TH EVP_PKEY_verify 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_verify 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 index 5469cfd..be65935 100644 --- a/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 +++ b/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_PKEY_verify_recover 3" -.TH EVP_PKEY_verify_recover 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_PKEY_verify_recover 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_SealInit.3 b/secure/lib/libcrypto/man/EVP_SealInit.3 index 6c9c8b5..9d21939 100644 --- a/secure/lib/libcrypto/man/EVP_SealInit.3 +++ b/secure/lib/libcrypto/man/EVP_SealInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SealInit 3" -.TH EVP_SealInit 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_SealInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/EVP_SignInit.3 b/secure/lib/libcrypto/man/EVP_SignInit.3 index 5a513dd..2d30fd0 100644 --- a/secure/lib/libcrypto/man/EVP_SignInit.3 +++ b/secure/lib/libcrypto/man/EVP_SignInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_SignInit 3" -.TH EVP_SignInit 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_SignInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,9 +158,11 @@ signature context \fBctx\fR. This function can be called several times on the same \fBctx\fR to include additional data. .PP \&\fIEVP_SignFinal()\fR signs the data in \fBctx\fR using the private key \fBpkey\fR and -places the signature in \fBsig\fR. The number of bytes of data written (i.e. the -length of the signature) will be written to the integer at \fBs\fR, at most -EVP_PKEY_size(pkey) bytes will be written. +places the signature in \fBsig\fR. \fBsig\fR must be at least EVP_PKEY_size(pkey) +bytes in size. \fBs\fR is an \s-1OUT\s0 paramter, and not used as an \s-1IN\s0 parameter. +The number of bytes of data written (i.e. the length of the signature) +will be written to the integer at \fBs\fR, at most EVP_PKEY_size(pkey) bytes +will be written. .PP \&\fIEVP_SignInit()\fR initializes a signing context \fBctx\fR to use the default implementation of digest \fBtype\fR. diff --git a/secure/lib/libcrypto/man/EVP_VerifyInit.3 b/secure/lib/libcrypto/man/EVP_VerifyInit.3 index 776bc58..1e1f485 100644 --- a/secure/lib/libcrypto/man/EVP_VerifyInit.3 +++ b/secure/lib/libcrypto/man/EVP_VerifyInit.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EVP_VerifyInit 3" -.TH EVP_VerifyInit 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EVP_VerifyInit 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OBJ_nid2obj.3 b/secure/lib/libcrypto/man/OBJ_nid2obj.3 index a47ffb2..8049dee 100644 --- a/secure/lib/libcrypto/man/OBJ_nid2obj.3 +++ b/secure/lib/libcrypto/man/OBJ_nid2obj.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OBJ_nid2obj 3" -.TH OBJ_nid2obj 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH OBJ_nid2obj 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_Applink.3 b/secure/lib/libcrypto/man/OPENSSL_Applink.3 index 1dd5138..1bd1cea 100644 --- a/secure/lib/libcrypto/man/OPENSSL_Applink.3 +++ b/secure/lib/libcrypto/man/OPENSSL_Applink.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_Applink 3" -.TH OPENSSL_Applink 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH OPENSSL_Applink 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 index 02f47a7..4db6f354 100644 --- a/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 +++ b/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_VERSION_NUMBER 3" -.TH OPENSSL_VERSION_NUMBER 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH OPENSSL_VERSION_NUMBER 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_config.3 b/secure/lib/libcrypto/man/OPENSSL_config.3 index e4f9e4b..203236d 100644 --- a/secure/lib/libcrypto/man/OPENSSL_config.3 +++ b/secure/lib/libcrypto/man/OPENSSL_config.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_config 3" -.TH OPENSSL_config 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH OPENSSL_config 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 index 7b94a59..6e296d1 100644 --- a/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 +++ b/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_ia32cap 3" -.TH OPENSSL_ia32cap 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH OPENSSL_ia32cap 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 index 4e1c8a9..4f9c2dd 100644 --- a/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 +++ b/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL_load_builtin_modules 3" -.TH OPENSSL_load_builtin_modules 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH OPENSSL_load_builtin_modules 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 index 4f89c70..157bf2d 100644 --- a/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 +++ b/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OpenSSL_add_all_algorithms 3" -.TH OpenSSL_add_all_algorithms 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH OpenSSL_add_all_algorithms 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 index cbcbd0d..c3b3ac7 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PEM_write_bio_CMS_stream 3" -.TH PEM_write_bio_CMS_stream 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PEM_write_bio_CMS_stream 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 index 2ec83aa..fae1dd5 100644 --- a/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 +++ b/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PEM_write_bio_PKCS7_stream 3" -.TH PEM_write_bio_PKCS7_stream 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PEM_write_bio_PKCS7_stream 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS12_create.3 b/secure/lib/libcrypto/man/PKCS12_create.3 index 104d37c..11f6d27 100644 --- a/secure/lib/libcrypto/man/PKCS12_create.3 +++ b/secure/lib/libcrypto/man/PKCS12_create.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_create 3" -.TH PKCS12_create 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PKCS12_create 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS12_parse.3 b/secure/lib/libcrypto/man/PKCS12_parse.3 index d4312f5..7814702 100644 --- a/secure/lib/libcrypto/man/PKCS12_parse.3 +++ b/secure/lib/libcrypto/man/PKCS12_parse.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12_parse 3" -.TH PKCS12_parse 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PKCS12_parse 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_decrypt.3 b/secure/lib/libcrypto/man/PKCS7_decrypt.3 index 82fa641..874fb29 100644 --- a/secure/lib/libcrypto/man/PKCS7_decrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_decrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_decrypt 3" -.TH PKCS7_decrypt 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PKCS7_decrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_encrypt.3 b/secure/lib/libcrypto/man/PKCS7_encrypt.3 index 8970a3f..74011b6 100644 --- a/secure/lib/libcrypto/man/PKCS7_encrypt.3 +++ b/secure/lib/libcrypto/man/PKCS7_encrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_encrypt 3" -.TH PKCS7_encrypt 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PKCS7_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_sign.3 b/secure/lib/libcrypto/man/PKCS7_sign.3 index 97f78b7..f4d9257 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign 3" -.TH PKCS7_sign 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PKCS7_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 index e58f8de..139ac54 100644 --- a/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 +++ b/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_sign_add_signer 3" -.TH PKCS7_sign_add_signer 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PKCS7_sign_add_signer 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/PKCS7_verify.3 b/secure/lib/libcrypto/man/PKCS7_verify.3 index 4ecbb0a..80f641d 100644 --- a/secure/lib/libcrypto/man/PKCS7_verify.3 +++ b/secure/lib/libcrypto/man/PKCS7_verify.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7_verify 3" -.TH PKCS7_verify 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PKCS7_verify 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_add.3 b/secure/lib/libcrypto/man/RAND_add.3 index f0ce8db..1f6a383 100644 --- a/secure/lib/libcrypto/man/RAND_add.3 +++ b/secure/lib/libcrypto/man/RAND_add.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_add 3" -.TH RAND_add 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RAND_add 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_bytes.3 b/secure/lib/libcrypto/man/RAND_bytes.3 index a8bccd0..e17aded 100644 --- a/secure/lib/libcrypto/man/RAND_bytes.3 +++ b/secure/lib/libcrypto/man/RAND_bytes.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_bytes 3" -.TH RAND_bytes 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RAND_bytes 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_cleanup.3 b/secure/lib/libcrypto/man/RAND_cleanup.3 index 804f64a..8534861 100644 --- a/secure/lib/libcrypto/man/RAND_cleanup.3 +++ b/secure/lib/libcrypto/man/RAND_cleanup.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_cleanup 3" -.TH RAND_cleanup 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RAND_cleanup 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_egd.3 b/secure/lib/libcrypto/man/RAND_egd.3 index 75ea989..9020fbd 100644 --- a/secure/lib/libcrypto/man/RAND_egd.3 +++ b/secure/lib/libcrypto/man/RAND_egd.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_egd 3" -.TH RAND_egd 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RAND_egd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_load_file.3 b/secure/lib/libcrypto/man/RAND_load_file.3 index 78ba3ff..3e36537 100644 --- a/secure/lib/libcrypto/man/RAND_load_file.3 +++ b/secure/lib/libcrypto/man/RAND_load_file.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_load_file 3" -.TH RAND_load_file 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RAND_load_file 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RAND_set_rand_method.3 b/secure/lib/libcrypto/man/RAND_set_rand_method.3 index 3a21c32..f71a643 100644 --- a/secure/lib/libcrypto/man/RAND_set_rand_method.3 +++ b/secure/lib/libcrypto/man/RAND_set_rand_method.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND_set_rand_method 3" -.TH RAND_set_rand_method 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RAND_set_rand_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_blinding_on.3 b/secure/lib/libcrypto/man/RSA_blinding_on.3 index eb1ba80..fcd6958 100644 --- a/secure/lib/libcrypto/man/RSA_blinding_on.3 +++ b/secure/lib/libcrypto/man/RSA_blinding_on.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_blinding_on 3" -.TH RSA_blinding_on 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA_blinding_on 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_check_key.3 b/secure/lib/libcrypto/man/RSA_check_key.3 index 8484fe5..ed450e2 100644 --- a/secure/lib/libcrypto/man/RSA_check_key.3 +++ b/secure/lib/libcrypto/man/RSA_check_key.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_check_key 3" -.TH RSA_check_key 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA_check_key 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_generate_key.3 b/secure/lib/libcrypto/man/RSA_generate_key.3 index c42db00..91cbb03 100644 --- a/secure/lib/libcrypto/man/RSA_generate_key.3 +++ b/secure/lib/libcrypto/man/RSA_generate_key.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_generate_key 3" -.TH RSA_generate_key 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA_generate_key 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 index 9954467..36af6de 100644 --- a/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_get_ex_new_index 3" -.TH RSA_get_ex_new_index 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_new.3 b/secure/lib/libcrypto/man/RSA_new.3 index 29a8b50..e05e31a 100644 --- a/secure/lib/libcrypto/man/RSA_new.3 +++ b/secure/lib/libcrypto/man/RSA_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_new 3" -.TH RSA_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 index 13776cf..4241c6b 100644 --- a/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 +++ b/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_padding_add_PKCS1_type_1 3" -.TH RSA_padding_add_PKCS1_type_1 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA_padding_add_PKCS1_type_1 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_print.3 b/secure/lib/libcrypto/man/RSA_print.3 index 03fc1b6..f44a466 100644 --- a/secure/lib/libcrypto/man/RSA_print.3 +++ b/secure/lib/libcrypto/man/RSA_print.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_print 3" -.TH RSA_print 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA_print 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_private_encrypt.3 b/secure/lib/libcrypto/man/RSA_private_encrypt.3 index fd21c6d..20a6d1a 100644 --- a/secure/lib/libcrypto/man/RSA_private_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_private_encrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_private_encrypt 3" -.TH RSA_private_encrypt 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA_private_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_public_encrypt.3 b/secure/lib/libcrypto/man/RSA_public_encrypt.3 index 32306e2..5e9cdee 100644 --- a/secure/lib/libcrypto/man/RSA_public_encrypt.3 +++ b/secure/lib/libcrypto/man/RSA_public_encrypt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_public_encrypt 3" -.TH RSA_public_encrypt 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA_public_encrypt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_set_method.3 b/secure/lib/libcrypto/man/RSA_set_method.3 index a6f6fea..0c6facc7 100644 --- a/secure/lib/libcrypto/man/RSA_set_method.3 +++ b/secure/lib/libcrypto/man/RSA_set_method.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_set_method 3" -.TH RSA_set_method 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA_set_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -253,14 +253,18 @@ the default method is used. \& /* sign. For backward compatibility, this is used only \& * if (flags & RSA_FLAG_SIGN_VER) \& */ -\& int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, -\& unsigned char *sigret, unsigned int *siglen, RSA *rsa); -\& +\& int (*rsa_sign)(int type, +\& const unsigned char *m, unsigned int m_length, +\& unsigned char *sigret, unsigned int *siglen, const RSA *rsa); \& /* verify. For backward compatibility, this is used only \& * if (flags & RSA_FLAG_SIGN_VER) \& */ -\& int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len, -\& unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +\& int (*rsa_verify)(int dtype, +\& const unsigned char *m, unsigned int m_length, +\& const unsigned char *sigbuf, unsigned int siglen, +\& const RSA *rsa); +\& /* keygen. If NULL builtin RSA key generation will be used */ +\& int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); \& \& } RSA_METHOD; .Ve diff --git a/secure/lib/libcrypto/man/RSA_sign.3 b/secure/lib/libcrypto/man/RSA_sign.3 index cf12aea..12a6a5c 100644 --- a/secure/lib/libcrypto/man/RSA_sign.3 +++ b/secure/lib/libcrypto/man/RSA_sign.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign 3" -.TH RSA_sign 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA_sign 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -148,6 +148,10 @@ RSA_sign, RSA_verify \- RSA signatures private key \fBrsa\fR as specified in \s-1PKCS\s0 #1 v2.0. It stores the signature in \fBsigret\fR and the signature size in \fBsiglen\fR. \fBsigret\fR must point to RSA_size(\fBrsa\fR) bytes of memory. +Note that \s-1PKCS\s0 #1 adds meta-data, placing limits on the size of the +key that can be used. +See \fIRSA_private_encrypt\fR\|(3) for lower-level +operations. .PP \&\fBtype\fR denotes the message digest algorithm that was used to generate \&\fBm\fR. It usually is one of \fBNID_sha1\fR, \fBNID_ripemd160\fR and \fBNID_md5\fR; diff --git a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 index bb55a61..56f16da 100644 --- a/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 +++ b/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_sign_ASN1_OCTET_STRING 3" -.TH RSA_sign_ASN1_OCTET_STRING 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA_sign_ASN1_OCTET_STRING 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/RSA_size.3 b/secure/lib/libcrypto/man/RSA_size.3 index 2479c38..31861d5 100644 --- a/secure/lib/libcrypto/man/RSA_size.3 +++ b/secure/lib/libcrypto/man/RSA_size.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA_size 3" -.TH RSA_size 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA_size 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_read_CMS.3 b/secure/lib/libcrypto/man/SMIME_read_CMS.3 index d448934..c8eda72 100644 --- a/secure/lib/libcrypto/man/SMIME_read_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_read_CMS.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_CMS 3" -.TH SMIME_read_CMS 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SMIME_read_CMS 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 index be12a0d..4829c7d 100644 --- a/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_read_PKCS7 3" -.TH SMIME_read_PKCS7 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SMIME_read_PKCS7 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_write_CMS.3 b/secure/lib/libcrypto/man/SMIME_write_CMS.3 index b5af40b..8445e65 100644 --- a/secure/lib/libcrypto/man/SMIME_write_CMS.3 +++ b/secure/lib/libcrypto/man/SMIME_write_CMS.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_CMS 3" -.TH SMIME_write_CMS 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SMIME_write_CMS 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 index 2fde51a..85af2a7 100644 --- a/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 +++ b/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME_write_PKCS7 3" -.TH SMIME_write_PKCS7 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SMIME_write_PKCS7 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 index 09aea7e..ab889bd 100644 --- a/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 +++ b/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_ENTRY_get_object 3" -.TH X509_NAME_ENTRY_get_object 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509_NAME_ENTRY_get_object 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 index 00084a1..f5c0ecf 100644 --- a/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 +++ b/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_add_entry_by_txt 3" -.TH X509_NAME_add_entry_by_txt 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509_NAME_add_entry_by_txt 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 index f4070a9..70a4b02 100644 --- a/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 +++ b/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_get_index_by_NID 3" -.TH X509_NAME_get_index_by_NID 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509_NAME_get_index_by_NID 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 index 2dd5b49..2ce8da4 100644 --- a/secure/lib/libcrypto/man/X509_NAME_print_ex.3 +++ b/secure/lib/libcrypto/man/X509_NAME_print_ex.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_NAME_print_ex 3" -.TH X509_NAME_print_ex 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509_NAME_print_ex 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 index d9a4a61..ab59435 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_get_error 3" -.TH X509_STORE_CTX_get_error 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509_STORE_CTX_get_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 index 905b633..27607bd 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_get_ex_new_index 3" -.TH X509_STORE_CTX_get_ex_new_index 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509_STORE_CTX_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 index d06b699..25d63be 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_new 3" -.TH X509_STORE_CTX_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509_STORE_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 index 903e4ec..6f4246f 100644 --- a/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 +++ b/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_CTX_set_verify_cb 3" -.TH X509_STORE_CTX_set_verify_cb 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509_STORE_CTX_set_verify_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 index 6cee4dc..bf5ccf3 100644 --- a/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 +++ b/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_STORE_set_verify_cb_func 3" -.TH X509_STORE_set_verify_cb_func 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509_STORE_set_verify_cb_func 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 index 81fb954..f3548f8 100644 --- a/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 +++ b/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_VERIFY_PARAM_set_flags 3" -.TH X509_VERIFY_PARAM_set_flags 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509_VERIFY_PARAM_set_flags 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_new.3 b/secure/lib/libcrypto/man/X509_new.3 index 4e9cc3a..1b7084e 100644 --- a/secure/lib/libcrypto/man/X509_new.3 +++ b/secure/lib/libcrypto/man/X509_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_new 3" -.TH X509_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/X509_verify_cert.3 b/secure/lib/libcrypto/man/X509_verify_cert.3 index f63d10b..09dcf5b 100644 --- a/secure/lib/libcrypto/man/X509_verify_cert.3 +++ b/secure/lib/libcrypto/man/X509_verify_cert.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509_verify_cert 3" -.TH X509_verify_cert 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509_verify_cert 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bio.3 b/secure/lib/libcrypto/man/bio.3 index 0845386..d177bd9 100644 --- a/secure/lib/libcrypto/man/bio.3 +++ b/secure/lib/libcrypto/man/bio.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "bio 3" -.TH bio 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH bio 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/blowfish.3 b/secure/lib/libcrypto/man/blowfish.3 index d13db52..67094b9 100644 --- a/secure/lib/libcrypto/man/blowfish.3 +++ b/secure/lib/libcrypto/man/blowfish.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "blowfish 3" -.TH blowfish 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH blowfish 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bn.3 b/secure/lib/libcrypto/man/bn.3 index 471cc7c..881238c 100644 --- a/secure/lib/libcrypto/man/bn.3 +++ b/secure/lib/libcrypto/man/bn.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "bn 3" -.TH bn 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH bn 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/bn_internal.3 b/secure/lib/libcrypto/man/bn_internal.3 index 05d1dfa..0489224 100644 --- a/secure/lib/libcrypto/man/bn_internal.3 +++ b/secure/lib/libcrypto/man/bn_internal.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "bn_internal 3" -.TH bn_internal 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH bn_internal 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/buffer.3 b/secure/lib/libcrypto/man/buffer.3 index c69e8e8..6b32781 100644 --- a/secure/lib/libcrypto/man/buffer.3 +++ b/secure/lib/libcrypto/man/buffer.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "buffer 3" -.TH buffer 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH buffer 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/crypto.3 b/secure/lib/libcrypto/man/crypto.3 index 9fa1775..f01e109 100644 --- a/secure/lib/libcrypto/man/crypto.3 +++ b/secure/lib/libcrypto/man/crypto.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "crypto 3" -.TH crypto 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH crypto 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 index dce2fc6..66a366b 100644 --- a/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 +++ b/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_ASN1_OBJECT 3" -.TH d2i_ASN1_OBJECT 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH d2i_ASN1_OBJECT 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_DHparams.3 b/secure/lib/libcrypto/man/d2i_DHparams.3 index 9ea1042..ac5d631 100644 --- a/secure/lib/libcrypto/man/d2i_DHparams.3 +++ b/secure/lib/libcrypto/man/d2i_DHparams.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DHparams 3" -.TH d2i_DHparams 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH d2i_DHparams 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 index 7e53fca..990ee3a 100644 --- a/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_DSAPublicKey 3" -.TH d2i_DSAPublicKey 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH d2i_DSAPublicKey 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 index 3f590c6..3e0aea5 100644 --- a/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 +++ b/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_PKCS8PrivateKey 3" -.TH d2i_PKCS8PrivateKey 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH d2i_PKCS8PrivateKey 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 index 3417c06..fbad715 100644 --- a/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 +++ b/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_RSAPublicKey 3" -.TH d2i_RSAPublicKey 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH d2i_RSAPublicKey 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509.3 b/secure/lib/libcrypto/man/d2i_X509.3 index 4f31062..cf59fd5 100644 --- a/secure/lib/libcrypto/man/d2i_X509.3 +++ b/secure/lib/libcrypto/man/d2i_X509.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509 3" -.TH d2i_X509 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH d2i_X509 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 index d423f18..e4e8bd4 100644 --- a/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 +++ b/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_ALGOR 3" -.TH d2i_X509_ALGOR 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH d2i_X509_ALGOR 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_CRL.3 b/secure/lib/libcrypto/man/d2i_X509_CRL.3 index 8a432d3..ac05f6a 100644 --- a/secure/lib/libcrypto/man/d2i_X509_CRL.3 +++ b/secure/lib/libcrypto/man/d2i_X509_CRL.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_CRL 3" -.TH d2i_X509_CRL 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH d2i_X509_CRL 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_NAME.3 b/secure/lib/libcrypto/man/d2i_X509_NAME.3 index 41b8a52..23d00ae 100644 --- a/secure/lib/libcrypto/man/d2i_X509_NAME.3 +++ b/secure/lib/libcrypto/man/d2i_X509_NAME.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_NAME 3" -.TH d2i_X509_NAME 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH d2i_X509_NAME 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_REQ.3 b/secure/lib/libcrypto/man/d2i_X509_REQ.3 index 9da6593..d65145f 100644 --- a/secure/lib/libcrypto/man/d2i_X509_REQ.3 +++ b/secure/lib/libcrypto/man/d2i_X509_REQ.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_REQ 3" -.TH d2i_X509_REQ 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH d2i_X509_REQ 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/d2i_X509_SIG.3 b/secure/lib/libcrypto/man/d2i_X509_SIG.3 index 9611a32..5ada7ce 100644 --- a/secure/lib/libcrypto/man/d2i_X509_SIG.3 +++ b/secure/lib/libcrypto/man/d2i_X509_SIG.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_X509_SIG 3" -.TH d2i_X509_SIG 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH d2i_X509_SIG 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/des.3 b/secure/lib/libcrypto/man/des.3 index 5c42a23..555e52f 100644 --- a/secure/lib/libcrypto/man/des.3 +++ b/secure/lib/libcrypto/man/des.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "des 3" -.TH des 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH des 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -263,9 +263,8 @@ depend on a global variable. .PP \&\fIDES_set_odd_parity()\fR sets the parity of the passed \fIkey\fR to odd. .PP -\&\fIDES_is_weak_key()\fR returns 1 is the passed key is a weak key, 0 if it -is ok. The probability that a randomly generated key is weak is -1/2^52, so it is not really worth checking for them. +\&\fIDES_is_weak_key()\fR returns 1 if the passed key is a weak key, 0 if it +is ok. .PP The following routines mostly operate on an input and output stream of \&\fIDES_cblock\fRs. @@ -309,7 +308,7 @@ of 24 bytes. This is much better than \s-1CBC\s0 \s-1DES\s0. .PP \&\fIDES_ede3_cbc_encrypt()\fR implements outer triple \s-1CBC\s0 \s-1DES\s0 encryption with three keys. This means that each \s-1DES\s0 operation inside the \s-1CBC\s0 mode is -really an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0. +an \f(CW\*(C`C=E(ks3,D(ks2,E(ks1,M)))\*(C'\fR. This mode is used by \s-1SSL\s0. .PP The \fIDES_ede2_cbc_encrypt()\fR macro implements two-key Triple-DES by reusing \fIks1\fR for the final encryption. \f(CW\*(C`C=E(ks1,D(ks2,E(ks1,M)))\*(C'\fR. diff --git a/secure/lib/libcrypto/man/dh.3 b/secure/lib/libcrypto/man/dh.3 index f1fe778..3073957 100644 --- a/secure/lib/libcrypto/man/dh.3 +++ b/secure/lib/libcrypto/man/dh.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "dh 3" -.TH dh 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH dh 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/dsa.3 b/secure/lib/libcrypto/man/dsa.3 index 18092ae..760f5fb 100644 --- a/secure/lib/libcrypto/man/dsa.3 +++ b/secure/lib/libcrypto/man/dsa.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "dsa 3" -.TH dsa 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH dsa 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ecdsa.3 b/secure/lib/libcrypto/man/ecdsa.3 index db65c67..070340c 100644 --- a/secure/lib/libcrypto/man/ecdsa.3 +++ b/secure/lib/libcrypto/man/ecdsa.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ecdsa 3" -.TH ecdsa 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ecdsa 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/engine.3 b/secure/lib/libcrypto/man/engine.3 index 367fd3e..2086ac8 100644 --- a/secure/lib/libcrypto/man/engine.3 +++ b/secure/lib/libcrypto/man/engine.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "engine 3" -.TH engine 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH engine 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/err.3 b/secure/lib/libcrypto/man/err.3 index 45a841b..52835d4 100644 --- a/secure/lib/libcrypto/man/err.3 +++ b/secure/lib/libcrypto/man/err.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "err 3" -.TH err 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH err 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -299,7 +299,6 @@ be obtained by calling ERR_get_err_state_table(void) and ERR_get_string_table(void) respectively. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fICRYPTO_set_id_callback\fR\|(3), \&\fICRYPTO_set_locking_callback\fR\|(3), \&\fIERR_get_error\fR\|(3), \&\s-1\fIERR_GET_LIB\s0\fR\|(3), diff --git a/secure/lib/libcrypto/man/evp.3 b/secure/lib/libcrypto/man/evp.3 index 0ef7d33..93c1328 100644 --- a/secure/lib/libcrypto/man/evp.3 +++ b/secure/lib/libcrypto/man/evp.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "evp 3" -.TH evp 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH evp 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/hmac.3 b/secure/lib/libcrypto/man/hmac.3 index 7346143..3f48c7f 100644 --- a/secure/lib/libcrypto/man/hmac.3 +++ b/secure/lib/libcrypto/man/hmac.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "hmac 3" -.TH hmac 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH hmac 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 index 7373101..dd0d263 100644 --- a/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "i2d_CMS_bio_stream 3" -.TH i2d_CMS_bio_stream 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH i2d_CMS_bio_stream 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 index bb39f02..11642b3 100644 --- a/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 +++ b/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "i2d_PKCS7_bio_stream 3" -.TH i2d_PKCS7_bio_stream 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH i2d_PKCS7_bio_stream 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/lh_stats.3 b/secure/lib/libcrypto/man/lh_stats.3 index 8c70339..56e08c9 100644 --- a/secure/lib/libcrypto/man/lh_stats.3 +++ b/secure/lib/libcrypto/man/lh_stats.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "lh_stats 3" -.TH lh_stats 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH lh_stats 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/lhash.3 b/secure/lib/libcrypto/man/lhash.3 index 789e40d..52b7b0e 100644 --- a/secure/lib/libcrypto/man/lhash.3 +++ b/secure/lib/libcrypto/man/lhash.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "lhash 3" -.TH lhash 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH lhash 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/md5.3 b/secure/lib/libcrypto/man/md5.3 index 8f61087..387b70a 100644 --- a/secure/lib/libcrypto/man/md5.3 +++ b/secure/lib/libcrypto/man/md5.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "md5 3" -.TH md5 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH md5 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/mdc2.3 b/secure/lib/libcrypto/man/mdc2.3 index 3664ac8..1fb1020 100644 --- a/secure/lib/libcrypto/man/mdc2.3 +++ b/secure/lib/libcrypto/man/mdc2.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "mdc2 3" -.TH mdc2 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH mdc2 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/pem.3 b/secure/lib/libcrypto/man/pem.3 index 01fc4b0..1a660e9 100644 --- a/secure/lib/libcrypto/man/pem.3 +++ b/secure/lib/libcrypto/man/pem.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "pem 3" -.TH pem 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH pem 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -598,9 +598,9 @@ byte \fBsalt\fR encoded as a set of hexadecimal digits. .PP After this is the base64 encoded encrypted data. .PP -The encryption key is determined using \fIEVP_bytestokey()\fR, using \fBsalt\fR and an +The encryption key is determined using \fIEVP_BytesToKey()\fR, using \fBsalt\fR and an iteration count of 1. The \s-1IV\s0 used is the value of \fBsalt\fR and *not* the \s-1IV\s0 -returned by \fIEVP_bytestokey()\fR. +returned by \fIEVP_BytesToKey()\fR. .SH "BUGS" .IX Header "BUGS" The \s-1PEM\s0 read routines in some versions of OpenSSL will not correctly reuse @@ -624,3 +624,6 @@ The read routines return either a pointer to the structure read or \s-1NULL\s0 if an error occurred. .PP The write routines return 1 for success or 0 for failure. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIEVP_get_cipherbyname\fR\|(3), \fIEVP_BytesToKey\fR\|(3) diff --git a/secure/lib/libcrypto/man/rand.3 b/secure/lib/libcrypto/man/rand.3 index 3170b05..fc246c1 100644 --- a/secure/lib/libcrypto/man/rand.3 +++ b/secure/lib/libcrypto/man/rand.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "rand 3" -.TH rand 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH rand 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/rc4.3 b/secure/lib/libcrypto/man/rc4.3 index a471c20..31ba03f 100644 --- a/secure/lib/libcrypto/man/rc4.3 +++ b/secure/lib/libcrypto/man/rc4.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "rc4 3" -.TH rc4 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH rc4 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ripemd.3 b/secure/lib/libcrypto/man/ripemd.3 index a6b1c77..05a4f49 100644 --- a/secure/lib/libcrypto/man/ripemd.3 +++ b/secure/lib/libcrypto/man/ripemd.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ripemd 3" -.TH ripemd 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ripemd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/rsa.3 b/secure/lib/libcrypto/man/rsa.3 index 280cd6a..2e8f9b4 100644 --- a/secure/lib/libcrypto/man/rsa.3 +++ b/secure/lib/libcrypto/man/rsa.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "rsa 3" -.TH rsa 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH rsa 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/sha.3 b/secure/lib/libcrypto/man/sha.3 index 0ccb186..2d62a69 100644 --- a/secure/lib/libcrypto/man/sha.3 +++ b/secure/lib/libcrypto/man/sha.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "sha 3" -.TH sha 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH sha 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/threads.3 b/secure/lib/libcrypto/man/threads.3 index 97c76c2..78ef432 100644 --- a/secure/lib/libcrypto/man/threads.3 +++ b/secure/lib/libcrypto/man/threads.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "threads 3" -.TH threads 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH threads 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/ui.3 b/secure/lib/libcrypto/man/ui.3 index ae1348e..e07c530 100644 --- a/secure/lib/libcrypto/man/ui.3 +++ b/secure/lib/libcrypto/man/ui.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ui 3" -.TH ui 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ui 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -247,7 +247,7 @@ verification will fail. \&\fIUI_add_input_boolean()\fR adds a prompt to the \s-1UI\s0 that's supposed to be answered in a boolean way, with a single character for yes and a different character for no. A set of characters that can be used to cancel the prompt is given -as well. The prompt itself is really divided in two, one part being the +as well. The prompt itself is divided in two, one part being the descriptive text (given through the \fIprompt\fR argument) and one describing the possible answers (given through the \fIaction_desc\fR argument). .PP diff --git a/secure/lib/libcrypto/man/ui_compat.3 b/secure/lib/libcrypto/man/ui_compat.3 index d232fa8..b6cb7a9 100644 --- a/secure/lib/libcrypto/man/ui_compat.3 +++ b/secure/lib/libcrypto/man/ui_compat.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ui_compat 3" -.TH ui_compat 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ui_compat 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libcrypto/man/x509.3 b/secure/lib/libcrypto/man/x509.3 index f1ac6a0..85c3ad0 100644 --- a/secure/lib/libcrypto/man/x509.3 +++ b/secure/lib/libcrypto/man/x509.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "x509 3" -.TH x509 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH x509 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssh/Makefile b/secure/lib/libssh/Makefile index b63d6b9..36b4d76 100644 --- a/secure/lib/libssh/Makefile +++ b/secure/lib/libssh/Makefile @@ -35,7 +35,7 @@ LDNSDIR= ${.CURDIR}/../../../contrib/ldns CFLAGS+= -DHAVE_LDNS=1 -I${LDNSDIR} SRCS+= getrrsetbyname-ldns.c DPADD+= ${LIBLDNS} -LDADD+= -lldns +LDADD+= ${LDLDNS} USEPRIVATELIB+= ldns .endif diff --git a/secure/lib/libssl/Makefile.man b/secure/lib/libssl/Makefile.man index 06f684e..6b092db 100644 --- a/secure/lib/libssl/Makefile.man +++ b/secure/lib/libssl/Makefile.man @@ -33,6 +33,7 @@ MAN+= SSL_CTX_set_session_cache_mode.3 MAN+= SSL_CTX_set_session_id_context.3 MAN+= SSL_CTX_set_ssl_version.3 MAN+= SSL_CTX_set_timeout.3 +MAN+= SSL_CTX_set_tlsext_ticket_key_cb.3 MAN+= SSL_CTX_set_tmp_dh_callback.3 MAN+= SSL_CTX_set_tmp_rsa_callback.3 MAN+= SSL_CTX_set_verify.3 diff --git a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 index 7ee9797..fbeb0e3 100644 --- a/secure/lib/libssl/man/SSL_CIPHER_get_name.3 +++ b/secure/lib/libssl/man/SSL_CIPHER_get_name.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CIPHER_get_name 3" -.TH SSL_CIPHER_get_name 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CIPHER_get_name 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -151,8 +151,12 @@ returned. \&\fBalg_bits\fR is not \s-1NULL\s0, it contains the number of bits processed by the chosen algorithm. If \fBcipher\fR is \s-1NULL\s0, 0 is returned. .PP -\&\fISSL_CIPHER_get_version()\fR returns the protocol version for \fBcipher\fR, currently -\&\*(L"SSLv2\*(R", \*(L"SSLv3\*(R", or \*(L"TLSv1\*(R". If \fBcipher\fR is \s-1NULL\s0, \*(L"(\s-1NONE\s0)\*(R" is returned. +\&\fISSL_CIPHER_get_version()\fR returns string which indicates the \s-1SSL/TLS\s0 protocol +version that first defined the cipher. +This is currently \fBSSLv2\fR or \fBTLSv1/SSLv3\fR. +In some cases it should possibly return \*(L"TLSv1.2\*(R" but does not; +use \fISSL_CIPHER_description()\fR instead. +If \fBcipher\fR is \s-1NULL\s0, \*(L"(\s-1NONE\s0)\*(R" is returned. .PP \&\fISSL_CIPHER_description()\fR returns a textual description of the cipher used into the buffer \fBbuf\fR of length \fBlen\fR provided. \fBlen\fR must be at least @@ -175,7 +179,8 @@ sequence: Textual representation of the cipher name. .IP "<protocol version>" 4 .IX Item "<protocol version>" -Protocol version: \fBSSLv2\fR, \fBSSLv3\fR. The TLSv1 ciphers are flagged with SSLv3. +Protocol version: \fBSSLv2\fR, \fBSSLv3\fR, \fBTLSv1.2\fR. The TLSv1.0 ciphers are +flagged with SSLv3. No new ciphers were added by TLSv1.1. .IP "Kx=<key exchange>" 4 .IX Item "Kx=<key exchange>" Key exchange method: \fB\s-1RSA\s0\fR (for export ciphers as \fB\s-1RSA\s0(512)\fR or @@ -207,6 +212,12 @@ Some examples for the output of \fISSL_CIPHER_description()\fR: \& RC4\-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 \& EXP\-RC4\-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export .Ve +.PP +A comp[lete list can be retrieved by invoking the following command: +.PP +.Vb 1 +\& openssl ciphers \-v ALL +.Ve .SH "BUGS" .IX Header "BUGS" If \fISSL_CIPHER_description()\fR is called with \fBcipher\fR being \s-1NULL\s0, the diff --git a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 index 835116c..d498914 100644 --- a/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 +++ b/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_COMP_add_compression_method 3" -.TH SSL_COMP_add_compression_method 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_COMP_add_compression_method 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 index 2d62aaa..d5d6fac 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_extra_chain_cert 3" -.TH SSL_CTX_add_extra_chain_cert 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_add_extra_chain_cert 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -150,6 +150,15 @@ these certificates explicitly specified. If no chain is specified, the library will try to complete the chain from the available \s-1CA\s0 certificates in the trusted \s-1CA\s0 storage, see \&\fISSL_CTX_load_verify_locations\fR\|(3). +.PP +The \fBx509\fR certificate provided to \fISSL_CTX_add_extra_chain_cert()\fR will be freed by the library when the \fB\s-1SSL_CTX\s0\fR is destroyed. An application \fBshould not\fR free the \fBx509\fR object. +.SH "RESTRICTIONS" +.IX Header "RESTRICTIONS" +Only one set of extra chain certificates can be specified per \s-1SSL_CTX\s0 +structure. Different chains for different certificates (for example if both +\&\s-1RSA\s0 and \s-1DSA\s0 certificates are specified by the same server) or different \s-1SSL\s0 +structures with the same parent \s-1SSL_CTX\s0 cannot be specified using this +function. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_add_extra_chain_cert()\fR returns 1 on success. Check out the diff --git a/secure/lib/libssl/man/SSL_CTX_add_session.3 b/secure/lib/libssl/man/SSL_CTX_add_session.3 index 752ef36..778c04a 100644 --- a/secure/lib/libssl/man/SSL_CTX_add_session.3 +++ b/secure/lib/libssl/man/SSL_CTX_add_session.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_add_session 3" -.TH SSL_CTX_add_session 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_add_session 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,7 +168,7 @@ If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL flag then the internal cache will not be populated automatically by new sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal cache will be searched automatically for session-resume requests (the -latter can be surpressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the +latter can be suppressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the application can use \fISSL_CTX_add_session()\fR directly to have full control over the sessions that can be resumed if desired. .SH "RETURN VALUES" diff --git a/secure/lib/libssl/man/SSL_CTX_ctrl.3 b/secure/lib/libssl/man/SSL_CTX_ctrl.3 index 24c943c..3eef39c 100644 --- a/secure/lib/libssl/man/SSL_CTX_ctrl.3 +++ b/secure/lib/libssl/man/SSL_CTX_ctrl.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ctrl 3" -.TH SSL_CTX_ctrl 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_ctrl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 index 5929025..492ac1c 100644 --- a/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_flush_sessions 3" -.TH SSL_CTX_flush_sessions 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_flush_sessions 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_free.3 b/secure/lib/libssl/man/SSL_CTX_free.3 index 5efdabb..5c79b35 100644 --- a/secure/lib/libssl/man/SSL_CTX_free.3 +++ b/secure/lib/libssl/man/SSL_CTX_free.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_free 3" -.TH SSL_CTX_free 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_free 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 index 14f68d6..0a677e1 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_ex_new_index 3" -.TH SSL_CTX_get_ex_new_index 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 index 1c31370e..118e473 100644 --- a/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_get_verify_mode 3" -.TH SSL_CTX_get_verify_mode 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_get_verify_mode 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 index 8ec3c95..1543288 100644 --- a/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 +++ b/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_load_verify_locations 3" -.TH SSL_CTX_load_verify_locations 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_load_verify_locations 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_new.3 b/secure/lib/libssl/man/SSL_CTX_new.3 index d7157cf..ab73ce3 100644 --- a/secure/lib/libssl/man/SSL_CTX_new.3 +++ b/secure/lib/libssl/man/SSL_CTX_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_new 3" -.TH SSL_CTX_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -172,20 +172,34 @@ compatibility reasons, see SSLv23_*\fI_method()\fR. It will also not understand SSLv3 client hello messages. .IP "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" 4 .IX Item "SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)" -A \s-1TLS/SSL\s0 connection established with these methods will understand the SSLv2, -SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages -and will indicate that it also understands SSLv3 and TLSv1. A server will -understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best -choice when compatibility is a concern. +A \s-1TLS/SSL\s0 connection established with these methods may understand the SSLv2, +SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. +.Sp +If the cipher list does not contain any SSLv2 ciphersuites (the default +cipher list does not) or extensions are required (for example server name) +a client will send out TLSv1 client hello messages including extensions and +will indicate that it also understands TLSv1.1, TLSv1.2 and permits a +fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 +protocols. This is the best choice when compatibility is a concern. +.Sp +If any SSLv2 ciphersuites are included in the cipher list and no extensions +are required then SSLv2 compatible client hellos will be used by clients and +SSLv2 will be accepted by servers. This is \fBnot\fR recommended due to the +insecurity of SSLv2 and the limited nature of the SSLv2 client hello +prohibiting the use of extensions. .PP The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, -SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the \fB\f(BISSL_CTX_set_options()\fB\fR or -\&\fB\f(BISSL_set_options()\fB\fR functions. Using these options it is possible to choose -e.g. \fISSLv23_server_method()\fR and be able to negotiate with all possible -clients, but to only allow newer protocols like SSLv3 or TLSv1. +SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 +options of the \fISSL_CTX_set_options()\fR or \fISSL_set_options()\fR functions. +Using these options it is possible to choose e.g. \fISSLv23_server_method()\fR and +be able to negotiate with all possible clients, but to only allow newer +protocols like TLSv1, TLSv1.1 or \s-1TLS\s0 v1.2. +.PP +Applications which never want to support SSLv2 (even is the cipher string +is configured to use SSLv2 ciphersuites) can set SSL_OP_NO_SSLv2. .PP \&\fISSL_CTX_new()\fR initializes the list of ciphers, the session cache setting, -the callbacks, the keys and certificates, and the options to its default +the callbacks, the keys and certificates and the options to its default values. .SH "RETURN VALUES" .IX Header "RETURN VALUES" diff --git a/secure/lib/libssl/man/SSL_CTX_sess_number.3 b/secure/lib/libssl/man/SSL_CTX_sess_number.3 index f0b66a3..0a5520c 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_number.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_number.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_number 3" -.TH SSL_CTX_sess_number 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_sess_number 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 index d931729..b8c775e 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_cache_size 3" -.TH SSL_CTX_sess_set_cache_size 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_sess_set_cache_size 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 index b35640c..d0e7c48 100644 --- a/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sess_set_get_cb 3" -.TH SSL_CTX_sess_set_get_cb 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_sess_set_get_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_sessions.3 b/secure/lib/libssl/man/SSL_CTX_sessions.3 index 9fa3ce2..a0e9000 100644 --- a/secure/lib/libssl/man/SSL_CTX_sessions.3 +++ b/secure/lib/libssl/man/SSL_CTX_sessions.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_sessions 3" -.TH SSL_CTX_sessions 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_sessions 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 index be092fc..04a9c19 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_store 3" -.TH SSL_CTX_set_cert_store 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_cert_store 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 index 3cf5643..4a43a97 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cert_verify_callback 3" -.TH SSL_CTX_set_cert_verify_callback 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_cert_verify_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 index 4582ed2..b45446e 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_cipher_list 3" -.TH SSL_CTX_set_cipher_list 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_cipher_list 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -180,6 +180,10 @@ client only supports export \s-1RSA\s0 ciphers with a asymmetric key length of 512 bits and the server is not configured to use temporary \s-1RSA\s0 keys), the \*(L"no shared cipher\*(R" (\s-1SSL_R_NO_SHARED_CIPHER\s0) error is generated and the handshake will fail. +.PP +If the cipher list does not contain any SSLv2 cipher suites (this is the +default) then SSLv2 is effectively disabled and neither clients nor servers +will attempt to use SSLv2. .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fISSL_CTX_set_cipher_list()\fR and \fISSL_set_cipher_list()\fR return 1 if any cipher diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 index dd5ffee..fd89882 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_CA_list 3" -.TH SSL_CTX_set_client_CA_list 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_client_CA_list 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -162,7 +162,7 @@ the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s .SH "NOTES" .IX Header "NOTES" When a \s-1TLS/SSL\s0 server requests a client certificate (see -\&\fB\f(BISSL_CTX_set_verify_options()\fB\fR), it sends a list of CAs, for which +\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept certificates, to the client. .PP This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for diff --git a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 index f1ffac8..faa862f 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_client_cert_cb 3" -.TH SSL_CTX_set_client_cert_cb 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_client_cert_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -157,7 +157,7 @@ using the \fBx509\fR and \fBpkey\fR arguments and \*(L"1\*(R" must be returned. certificate will be installed into \fBssl\fR, see the \s-1NOTES\s0 and \s-1BUGS\s0 sections. If no certificate should be set, \*(L"0\*(R" has to be returned and no certificate will be sent. A negative return value will suspend the handshake and the -handshake function will return immediatly. \fISSL_get_error\fR\|(3) +handshake function will return immediately. \fISSL_get_error\fR\|(3) will return \s-1SSL_ERROR_WANT_X509_LOOKUP\s0 to indicate, that the handshake was suspended. The next call to the handshake function will again lead to the call of \fIclient_cert_cb()\fR. It is the job of the \fIclient_cert_cb()\fR to store information diff --git a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 index faff127..56d0a22 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_default_passwd_cb 3" -.TH SSL_CTX_set_default_passwd_cb 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_default_passwd_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 index b75db37..7c57e97 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_generate_session_id 3" -.TH SSL_CTX_set_generate_session_id 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_generate_session_id 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 index 6866ec3..072de37 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_info_callback 3" -.TH SSL_CTX_set_info_callback 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_info_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 index a9f4f91..cdf44ee 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_max_cert_list 3" -.TH SSL_CTX_set_max_cert_list 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_max_cert_list 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_mode.3 index a355039..5d3c168 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_mode.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_mode 3" -.TH SSL_CTX_set_mode 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_mode 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 index 5854028..3ee8806 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_msg_callback 3" -.TH SSL_CTX_set_msg_callback 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_msg_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_options.3 b/secure/lib/libssl/man/SSL_CTX_set_options.3 index 50bcaa7..cc855f7 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_options.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_options.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_options 3" -.TH SSL_CTX_set_options 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_options 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -345,7 +345,7 @@ renegotiation implementation. Connections and renegotiation are always permitted by OpenSSL implementations. .SS "Unpatched client and patched OpenSSL server" .IX Subsection "Unpatched client and patched OpenSSL server" -The initial connection suceeds but client renegotiation is denied by the +The initial connection succeeds but client renegotiation is denied by the server with a \fBno_renegotiation\fR warning alert if \s-1TLS\s0 v1.0 is used or a fatal \&\fBhandshake_failure\fR alert in \s-1SSL\s0 v3.0. .PP diff --git a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 index 7535bf4..e71024c 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_psk_client_callback 3" -.TH SSL_CTX_set_psk_client_callback 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_psk_client_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 index 20f519c..58d51ee 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_quiet_shutdown 3" -.TH SSL_CTX_set_quiet_shutdown 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_quiet_shutdown 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 index 554e1f5..40f130d 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_cache_mode 3" -.TH SSL_CTX_set_session_cache_mode 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_session_cache_mode 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 index f1eb254..2c625be 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_session_id_context 3" -.TH SSL_CTX_set_session_id_context 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_session_id_context 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 index 546b3d3..941b433 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_ssl_version 3" -.TH SSL_CTX_set_ssl_version 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_ssl_version 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 index 24c2253..c689d95 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_timeout.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_timeout.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_timeout 3" -.TH SSL_CTX_set_timeout 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_timeout 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 new file mode 100644 index 0000000..4b29611 --- /dev/null +++ b/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -0,0 +1,307 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3" +.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2014-10-15" "1.0.1j" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +SSL_CTX_set_tlsext_ticket_key_cb \- set a callback for session ticket processing +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +.Vb 1 +\& #include <openssl/tls1.h> +\& +\& long SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX sslctx, +\& int (*cb)(SSL *s, unsigned char key_name[16], +\& unsigned char iv[EVP_MAX_IV_LENGTH], +\& EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)); +.Ve +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fISSL_CTX_set_tlsext_ticket_key_cb()\fR sets a callback fuction \fIcb\fR for handling +session tickets for the ssl context \fIsslctx\fR. Session tickets, defined in +\&\s-1RFC5077\s0 provide an enhanced session resumption capability where the server +implementation is not required to maintain per session state. It only applies +to \s-1TLS\s0 and there is no SSLv3 implementation. +.PP +The callback is available when the OpenSSL library was built without +\&\fI\s-1OPENSSL_NO_TLSEXT\s0\fR being defined. +.PP +The callback function \fIcb\fR will be called for every client instigated \s-1TLS\s0 +session when session ticket extension is presented in the \s-1TLS\s0 hello +message. It is the responsibility of this function to create or retrieve the +cryptographic parameters and to maintain their state. +.PP +The OpenSSL library uses your callback function to help implement a common \s-1TLS\s0 +ticket construction state according to \s-1RFC5077\s0 Section 4 such that per session +state is unnecessary and a small set of cryptographic variables needs to be +maintained by the callback function implementation. +.PP +In order to reuse a session, a \s-1TLS\s0 client must send the a session ticket +extension to the server. The client can only send exactly one session ticket. +The server, through the callback function, either agrees to reuse the session +ticket information or it starts a full \s-1TLS\s0 handshake to create a new session +ticket. +.PP +Before the callback function is started \fIctx\fR and \fIhctx\fR have been +initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively. +.PP +For new sessions tickets, when the client doesn't present a session ticket, or +an attempted retreival of the ticket failed, or a renew option was indicated, +the callback function will be called with \fIenc\fR equal to 1. The OpenSSL +library expects that the function will set an arbitary \fIname\fR, initialize +\&\fIiv\fR, and set the cipher context \fIctx\fR and the hash context \fIhctx\fR. +.PP +The \fIname\fR is 16 characters long and is used as a key identifier. +.PP +The \fIiv\fR length is the length of the \s-1IV\s0 of the corresponding cipher. The +maximum \s-1IV\s0 length is \s-1EVP_MAX_IV_LENGTH\s0 bytes defined in \fBevp.h\fR. +.PP +The initialization vector \fIiv\fR should be a random value. The cipher context +\&\fIctx\fR should use the initialisation vector \fIiv\fR. The cipher context can be +set using EVP_EncryptInit_ex. The hmac context can be set using HMAC_Init_ex. +.PP +When the client presents a session ticket, the callback function with be called +with \fIenc\fR set to 0 indicating that the \fIcb\fR function should retreive a set +of parameters. In this case \fIname\fR and \fIiv\fR have already been parsed out of +the session ticket. The OpenSSL library expects that the \fIname\fR will be used +to retrieve a cryptographic parameters and that the cryptographic context +\&\fIctx\fR will be set with the retreived parameters and the initialization vector +\&\fIiv\fR. using a function like EVP_DecryptInit_ex. The \fIhctx\fR needs to be set +using HMAC_Init_ex. +.PP +If the \fIname\fR is still valid but a renewal of the ticket is required the +callback function should return 2. The library will call the callback again +with an arguement of enc equal to 1 to set the new ticket. +.PP +The return value of the \fIcb\fR function is used by OpenSSL to determine what +further processing will occur. The following return values have meaning: +.IP "2" 4 +.IX Item "2" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. Additionally it indicates that the session +ticket is in a renewal period and should be replaced. The OpenSSL library will +call \fIcb\fR again with an enc argument of 1 to set the new ticket (see \s-1RFC5077\s0 +3.3 paragraph 2). +.IP "1" 4 +.IX Item "1" +This indicates that the \fIctx\fR and \fIhctx\fR have been set and the session can +continue on those parameters. +.IP "0" 4 +This indicates that it was not possible to set/retrieve a session ticket and +the \s-1SSL/TLS\s0 session will continue by by negiotationing a set of cryptographic +parameters or using the alternate \s-1SSL/TLS\s0 resumption mechanism, session ids. +.Sp +If called with enc equal to 0 the library will call the \fIcb\fR again to get +a new set of parameters. +.IP "less than 0" 4 +.IX Item "less than 0" +This indicates an error. +.SH "NOTES" +.IX Header "NOTES" +Session resumption shortcuts the \s-1TLS\s0 so that the client certificate +negiotation don't occur. It makes up for this by storing client certificate +an all other negotiated state information encrypted within the ticket. In a +resumed session the applications will have all this state information available +exactly as if a full negiotation had occured. +.PP +If an attacker can obtain the key used to encrypt a session ticket, they can +obtain the master secret for any ticket using that key and decrypt any traffic +using that session: even if the ciphersuite supports forward secrecy. As +a result applications may wish to use multiple keys and avoid using long term +keys stored in files. +.PP +Applications can use longer keys to maintain a consistent level of security. +For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key +the overall security is only 128 bits because breaking the ticket key will +enable an attacker to obtain the session keys. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +Reference Implemention: + SSL_CTX_set_tlsext_ticket_key_cb(\s-1SSL\s0,ssl_tlsext_ticket_key_cb); + .... +.PP +.Vb 6 +\& static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) +\& { +\& if (enc) { /* create new session */ +\& if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) ) { +\& return \-1; /* insufficient random */ +\& } +\& +\& key = currentkey(); /* something that you need to implement */ +\& if ( !key ) { +\& /* current key doesn\*(Aqt exist or isn\*(Aqt valid */ +\& key = createkey(); /* something that you need to implement. +\& * createkey needs to initialise, a name, +\& * an aes_key, a hmac_key and optionally +\& * an expire time. */ +\& if ( !key ) { /* key couldn\*(Aqt be created */ +\& return 0; +\& } +\& } +\& memcpy(key_name, key\->name, 16); +\& +\& EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv); +\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); +\& +\& return 1; +\& +\& } else { /* retrieve session */ +\& key = findkey(name); +\& +\& if (!key || key\->expire < now() ) { +\& return 0; +\& } +\& +\& HMAC_Init_ex(&hctx, key\->hmac_key, 16, EVP_sha256(), NULL); +\& EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key\->aes_key, iv ); +\& +\& if (key\->expire < ( now() \- RENEW_TIME ) ) { +\& /* return 2 \- this session will get a new ticket even though the current is still valid */ +\& return 2; +\& } +\& return 1; +\& +\& } +\& } +.Ve +.SH "RETURN VALUES" +.IX Header "RETURN VALUES" +returns 0 to indicate the callback function was set. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIssl\fR\|(3), \fISSL_set_session\fR\|(3), +\&\fISSL_session_reused\fR\|(3), +\&\fISSL_CTX_add_session\fR\|(3), +\&\fISSL_CTX_sess_number\fR\|(3), +\&\fISSL_CTX_sess_set_get_cb\fR\|(3), +\&\fISSL_CTX_set_session_id_context\fR\|(3), +.SH "HISTORY" +.IX Header "HISTORY" +This function was introduced in OpenSSL 0.9.8h diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 index 0886646..267ef4e 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_dh_callback 3" -.TH SSL_CTX_set_tmp_dh_callback 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_tmp_dh_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -140,11 +140,9 @@ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_se \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); \& long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh); \& -\& void SSL_set_tmp_dh_callback(SSL_CTX *ctx, +\& void SSL_set_tmp_dh_callback(SSL *ctx, \& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); \& long SSL_set_tmp_dh(SSL *ssl, DH *dh) -\& -\& DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -177,12 +175,13 @@ even if he gets hold of the normal (certified) key, as this key was only used for signing. .PP In order to perform a \s-1DH\s0 key exchange the server must use a \s-1DH\s0 group -(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. The server will always generate a new -\&\s-1DH\s0 key during the negotiation, when the \s-1DH\s0 parameters are supplied via -callback and/or when the \s-1SSL_OP_SINGLE_DH_USE\s0 option of -\&\fISSL_CTX_set_options\fR\|(3) is set. It will -immediately create a \s-1DH\s0 key, when \s-1DH\s0 parameters are supplied via -\&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. In this case, +(\s-1DH\s0 parameters) and generate a \s-1DH\s0 key. +The server will always generate a new \s-1DH\s0 key during the negotiation +if either the \s-1DH\s0 parameters are supplied via callback or the +\&\s-1SSL_OP_SINGLE_DH_USE\s0 option of \fISSL_CTX_set_options\fR\|(3) is set (or both). +It will immediately create a \s-1DH\s0 key if \s-1DH\s0 parameters are supplied via +\&\fISSL_CTX_set_tmp_dh()\fR and \s-1SSL_OP_SINGLE_DH_USE\s0 is not set. +In this case, it may happen that a key is generated on initialization without later being needed, while on the other hand the computer time during the negotiation is being saved. @@ -208,7 +207,7 @@ instead (see \fIdhparam\fR\|(1)), but in this case \s-1SSL_OP_SINGLE_DH_USE\s0 is mandatory. .PP Application authors may compile in \s-1DH\s0 parameters. Files dh512.pem, -dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current +dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current version of the OpenSSL distribution contain the '\s-1SKIP\s0' \s-1DH\s0 parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the \fB\-C\fR option of the @@ -268,7 +267,7 @@ partly left out.) \& dh_tmp = dh_512; \& break; \& case 1024: -\& if (!dh_1024) +\& if (!dh_1024) \& dh_1024 = get_dh1024(); \& dh_tmp = dh_1024; \& break; diff --git a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 index 52167a9..79cf7ea 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_tmp_rsa_callback 3" -.TH SSL_CTX_set_tmp_rsa_callback 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_tmp_rsa_callback 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_set_verify.3 b/secure/lib/libssl/man/SSL_CTX_set_verify.3 index 09bc4be..fb27dd0 100644 --- a/secure/lib/libssl/man/SSL_CTX_set_verify.3 +++ b/secure/lib/libssl/man/SSL_CTX_set_verify.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_set_verify 3" -.TH SSL_CTX_set_verify 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_set_verify 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -228,8 +228,8 @@ certificates would not be present, most likely a X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued. The depth count is \*(L"level 0:peer certificate\*(R", \*(L"level 1: \s-1CA\s0 certificate\*(R", \&\*(L"level 2: higher level \s-1CA\s0 certificate\*(R", and so on. Setting the maximum -depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9, -allowing for the peer certificate and additional 9 \s-1CA\s0 certificates. +depth to 2 allows the levels 0, 1, and 2. The default depth limit is 100, +allowing for the peer certificate and additional 100 \s-1CA\s0 certificates. .PP The \fBverify_callback\fR function is used to control the behaviour when the \&\s-1SSL_VERIFY_PEER\s0 flag is set. It must be supplied by the application and diff --git a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 index c2348fc..81b7957 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_certificate.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_certificate 3" -.TH SSL_CTX_use_certificate 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_use_certificate 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 index a5ae5f9..a7957fc 100644 --- a/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 +++ b/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_use_psk_identity_hint 3" -.TH SSL_CTX_use_psk_identity_hint 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_CTX_use_psk_identity_hint 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_free.3 b/secure/lib/libssl/man/SSL_SESSION_free.3 index a4101e5..ee8de88 100644 --- a/secure/lib/libssl/man/SSL_SESSION_free.3 +++ b/secure/lib/libssl/man/SSL_SESSION_free.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_free 3" -.TH SSL_SESSION_free 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_SESSION_free 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 index 31f1749..59b2959 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_ex_new_index 3" -.TH SSL_SESSION_get_ex_new_index 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_SESSION_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_SESSION_get_time.3 b/secure/lib/libssl/man/SSL_SESSION_get_time.3 index d42d221..6e428a0 100644 --- a/secure/lib/libssl/man/SSL_SESSION_get_time.3 +++ b/secure/lib/libssl/man/SSL_SESSION_get_time.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_SESSION_get_time 3" -.TH SSL_SESSION_get_time 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_SESSION_get_time 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_accept.3 b/secure/lib/libssl/man/SSL_accept.3 index 79e5193..ea8b4de 100644 --- a/secure/lib/libssl/man/SSL_accept.3 +++ b/secure/lib/libssl/man/SSL_accept.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_accept 3" -.TH SSL_accept 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_accept 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_alert_type_string.3 b/secure/lib/libssl/man/SSL_alert_type_string.3 index 6383b60..b7fb723 100644 --- a/secure/lib/libssl/man/SSL_alert_type_string.3 +++ b/secure/lib/libssl/man/SSL_alert_type_string.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_alert_type_string 3" -.TH SSL_alert_type_string 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_alert_type_string 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_clear.3 b/secure/lib/libssl/man/SSL_clear.3 index eafd97c..39e78b1 100644 --- a/secure/lib/libssl/man/SSL_clear.3 +++ b/secure/lib/libssl/man/SSL_clear.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_clear 3" -.TH SSL_clear 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_clear 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_connect.3 b/secure/lib/libssl/man/SSL_connect.3 index 9703367..2eb35d7 100644 --- a/secure/lib/libssl/man/SSL_connect.3 +++ b/secure/lib/libssl/man/SSL_connect.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_connect 3" -.TH SSL_connect 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_connect 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_do_handshake.3 b/secure/lib/libssl/man/SSL_do_handshake.3 index a26b6c9..a2c12f2 100644 --- a/secure/lib/libssl/man/SSL_do_handshake.3 +++ b/secure/lib/libssl/man/SSL_do_handshake.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_do_handshake 3" -.TH SSL_do_handshake 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_do_handshake 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_free.3 b/secure/lib/libssl/man/SSL_free.3 index 471e7ab..105b257 100644 --- a/secure/lib/libssl/man/SSL_free.3 +++ b/secure/lib/libssl/man/SSL_free.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_free 3" -.TH SSL_free 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_free 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 index 4541f4d..4391501 100644 --- a/secure/lib/libssl/man/SSL_get_SSL_CTX.3 +++ b/secure/lib/libssl/man/SSL_get_SSL_CTX.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_SSL_CTX 3" -.TH SSL_get_SSL_CTX 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_SSL_CTX 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ciphers.3 b/secure/lib/libssl/man/SSL_get_ciphers.3 index 4c5ef08..444c467 100644 --- a/secure/lib/libssl/man/SSL_get_ciphers.3 +++ b/secure/lib/libssl/man/SSL_get_ciphers.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ciphers 3" -.TH SSL_get_ciphers 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_ciphers 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_client_CA_list.3 b/secure/lib/libssl/man/SSL_get_client_CA_list.3 index e5f9a99..7b3d5bd 100644 --- a/secure/lib/libssl/man/SSL_get_client_CA_list.3 +++ b/secure/lib/libssl/man/SSL_get_client_CA_list.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_client_CA_list 3" -.TH SSL_get_client_CA_list 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_client_CA_list 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_current_cipher.3 b/secure/lib/libssl/man/SSL_get_current_cipher.3 index d04f136..a47b281 100644 --- a/secure/lib/libssl/man/SSL_get_current_cipher.3 +++ b/secure/lib/libssl/man/SSL_get_current_cipher.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_current_cipher 3" -.TH SSL_get_current_cipher 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_current_cipher 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_default_timeout.3 b/secure/lib/libssl/man/SSL_get_default_timeout.3 index 88ea757..4d208cd 100644 --- a/secure/lib/libssl/man/SSL_get_default_timeout.3 +++ b/secure/lib/libssl/man/SSL_get_default_timeout.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_default_timeout 3" -.TH SSL_get_default_timeout 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_default_timeout 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_error.3 b/secure/lib/libssl/man/SSL_get_error.3 index 760af98..f9269c2 100644 --- a/secure/lib/libssl/man/SSL_get_error.3 +++ b/secure/lib/libssl/man/SSL_get_error.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_error 3" -.TH SSL_get_error 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_error 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 index 71d554c..11cf6f4 100644 --- a/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 +++ b/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3" -.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_ex_new_index.3 b/secure/lib/libssl/man/SSL_get_ex_new_index.3 index 05d0625..6d5abc5 100644 --- a/secure/lib/libssl/man/SSL_get_ex_new_index.3 +++ b/secure/lib/libssl/man/SSL_get_ex_new_index.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_ex_new_index 3" -.TH SSL_get_ex_new_index 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_ex_new_index 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_fd.3 b/secure/lib/libssl/man/SSL_get_fd.3 index bcaaa8e..d741620 100644 --- a/secure/lib/libssl/man/SSL_get_fd.3 +++ b/secure/lib/libssl/man/SSL_get_fd.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_fd 3" -.TH SSL_get_fd 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_fd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 index 0303b84..0d120ad 100644 --- a/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 +++ b/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_cert_chain 3" -.TH SSL_get_peer_cert_chain 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_peer_cert_chain 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_peer_certificate.3 b/secure/lib/libssl/man/SSL_get_peer_certificate.3 index 5e9604f..ccadf3b 100644 --- a/secure/lib/libssl/man/SSL_get_peer_certificate.3 +++ b/secure/lib/libssl/man/SSL_get_peer_certificate.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_peer_certificate 3" -.TH SSL_get_peer_certificate 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_peer_certificate 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_psk_identity.3 b/secure/lib/libssl/man/SSL_get_psk_identity.3 index 11c7d98..78589c0 100644 --- a/secure/lib/libssl/man/SSL_get_psk_identity.3 +++ b/secure/lib/libssl/man/SSL_get_psk_identity.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_psk_identity 3" -.TH SSL_get_psk_identity 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_psk_identity 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_rbio.3 b/secure/lib/libssl/man/SSL_get_rbio.3 index 34f5c88..5ccf029 100644 --- a/secure/lib/libssl/man/SSL_get_rbio.3 +++ b/secure/lib/libssl/man/SSL_get_rbio.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_rbio 3" -.TH SSL_get_rbio 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_rbio 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_session.3 b/secure/lib/libssl/man/SSL_get_session.3 index b8b14ab..40b1d92 100644 --- a/secure/lib/libssl/man/SSL_get_session.3 +++ b/secure/lib/libssl/man/SSL_get_session.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_session 3" -.TH SSL_get_session 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_session 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_verify_result.3 b/secure/lib/libssl/man/SSL_get_verify_result.3 index c31cbe7..5bc95d7 100644 --- a/secure/lib/libssl/man/SSL_get_verify_result.3 +++ b/secure/lib/libssl/man/SSL_get_verify_result.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_verify_result 3" -.TH SSL_get_verify_result 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_verify_result 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_get_version.3 b/secure/lib/libssl/man/SSL_get_version.3 index b0789e4..4cf77b4 100644 --- a/secure/lib/libssl/man/SSL_get_version.3 +++ b/secure/lib/libssl/man/SSL_get_version.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_get_version 3" -.TH SSL_get_version 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_get_version 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -140,11 +140,11 @@ SSL_get_version \- get the protocol version of a connection. .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_get_cipher_version()\fR returns the name of the protocol used for the +\&\fISSL_get_version()\fR returns the name of the protocol used for the connection \fBssl\fR. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -The following strings can occur: +The following strings can be returned: .IP "SSLv2" 4 .IX Item "SSLv2" The connection uses the SSLv2 protocol. @@ -153,7 +153,13 @@ The connection uses the SSLv2 protocol. The connection uses the SSLv3 protocol. .IP "TLSv1" 4 .IX Item "TLSv1" -The connection uses the TLSv1 protocol. +The connection uses the TLSv1.0 protocol. +.IP "TLSv1.1" 4 +.IX Item "TLSv1.1" +The connection uses the TLSv1.1 protocol. +.IP "TLSv1.2" 4 +.IX Item "TLSv1.2" +The connection uses the TLSv1.2 protocol. .IP "unknown" 4 .IX Item "unknown" This indicates that no version has been set (no connection established). diff --git a/secure/lib/libssl/man/SSL_library_init.3 b/secure/lib/libssl/man/SSL_library_init.3 index 80b04c1..462a91c 100644 --- a/secure/lib/libssl/man/SSL_library_init.3 +++ b/secure/lib/libssl/man/SSL_library_init.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_library_init 3" -.TH SSL_library_init 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_library_init 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_load_client_CA_file.3 b/secure/lib/libssl/man/SSL_load_client_CA_file.3 index 06baac98..d82d946 100644 --- a/secure/lib/libssl/man/SSL_load_client_CA_file.3 +++ b/secure/lib/libssl/man/SSL_load_client_CA_file.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_load_client_CA_file 3" -.TH SSL_load_client_CA_file 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_load_client_CA_file 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_new.3 b/secure/lib/libssl/man/SSL_new.3 index f3daedd..4b792c2 100644 --- a/secure/lib/libssl/man/SSL_new.3 +++ b/secure/lib/libssl/man/SSL_new.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_new 3" -.TH SSL_new 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_new 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_pending.3 b/secure/lib/libssl/man/SSL_pending.3 index d4bc050..c5eb556 100644 --- a/secure/lib/libssl/man/SSL_pending.3 +++ b/secure/lib/libssl/man/SSL_pending.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_pending 3" -.TH SSL_pending 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_pending 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_read.3 b/secure/lib/libssl/man/SSL_read.3 index 6411d54..de00b8e 100644 --- a/secure/lib/libssl/man/SSL_read.3 +++ b/secure/lib/libssl/man/SSL_read.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_read 3" -.TH SSL_read 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_read 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_rstate_string.3 b/secure/lib/libssl/man/SSL_rstate_string.3 index 7235fd4..b354468 100644 --- a/secure/lib/libssl/man/SSL_rstate_string.3 +++ b/secure/lib/libssl/man/SSL_rstate_string.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_rstate_string 3" -.TH SSL_rstate_string 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_rstate_string 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_session_reused.3 b/secure/lib/libssl/man/SSL_session_reused.3 index 8999288..80943dd 100644 --- a/secure/lib/libssl/man/SSL_session_reused.3 +++ b/secure/lib/libssl/man/SSL_session_reused.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_session_reused 3" -.TH SSL_session_reused 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_session_reused 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_bio.3 b/secure/lib/libssl/man/SSL_set_bio.3 index bc2090c..b0e0ae0 100644 --- a/secure/lib/libssl/man/SSL_set_bio.3 +++ b/secure/lib/libssl/man/SSL_set_bio.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_bio 3" -.TH SSL_set_bio 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_set_bio 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_connect_state.3 b/secure/lib/libssl/man/SSL_set_connect_state.3 index 8eb30ec..8e13165 100644 --- a/secure/lib/libssl/man/SSL_set_connect_state.3 +++ b/secure/lib/libssl/man/SSL_set_connect_state.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_connect_state 3" -.TH SSL_set_connect_state 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_set_connect_state 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_fd.3 b/secure/lib/libssl/man/SSL_set_fd.3 index 6b2b138..cb15388 100644 --- a/secure/lib/libssl/man/SSL_set_fd.3 +++ b/secure/lib/libssl/man/SSL_set_fd.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_fd 3" -.TH SSL_set_fd 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_set_fd 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_session.3 b/secure/lib/libssl/man/SSL_set_session.3 index 1611fa5..abfc8b7 100644 --- a/secure/lib/libssl/man/SSL_set_session.3 +++ b/secure/lib/libssl/man/SSL_set_session.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_session 3" -.TH SSL_set_session 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_set_session 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_shutdown.3 b/secure/lib/libssl/man/SSL_set_shutdown.3 index 9f23b54..6ecbee7 100644 --- a/secure/lib/libssl/man/SSL_set_shutdown.3 +++ b/secure/lib/libssl/man/SSL_set_shutdown.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_shutdown 3" -.TH SSL_set_shutdown 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_set_shutdown 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_set_verify_result.3 b/secure/lib/libssl/man/SSL_set_verify_result.3 index b558d4e..37791ec 100644 --- a/secure/lib/libssl/man/SSL_set_verify_result.3 +++ b/secure/lib/libssl/man/SSL_set_verify_result.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_set_verify_result 3" -.TH SSL_set_verify_result 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_set_verify_result 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_shutdown.3 b/secure/lib/libssl/man/SSL_shutdown.3 index dbec86d..c006793 100644 --- a/secure/lib/libssl/man/SSL_shutdown.3 +++ b/secure/lib/libssl/man/SSL_shutdown.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_shutdown 3" -.TH SSL_shutdown 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_shutdown 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_state_string.3 b/secure/lib/libssl/man/SSL_state_string.3 index 4bd05ad..a068ab0 100644 --- a/secure/lib/libssl/man/SSL_state_string.3 +++ b/secure/lib/libssl/man/SSL_state_string.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_state_string 3" -.TH SSL_state_string 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_state_string 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_want.3 b/secure/lib/libssl/man/SSL_want.3 index cd7dfd2..d3df1c6 100644 --- a/secure/lib/libssl/man/SSL_want.3 +++ b/secure/lib/libssl/man/SSL_want.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_want 3" -.TH SSL_want 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_want 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/SSL_write.3 b/secure/lib/libssl/man/SSL_write.3 index cfaf21a..7532f88 100644 --- a/secure/lib/libssl/man/SSL_write.3 +++ b/secure/lib/libssl/man/SSL_write.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SSL_write 3" -.TH SSL_write 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SSL_write 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/lib/libssl/man/d2i_SSL_SESSION.3 b/secure/lib/libssl/man/d2i_SSL_SESSION.3 index 68eaa3c..5389b54 100644 --- a/secure/lib/libssl/man/d2i_SSL_SESSION.3 +++ b/secure/lib/libssl/man/d2i_SSL_SESSION.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "d2i_SSL_SESSION 3" -.TH d2i_SSL_SESSION 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH d2i_SSL_SESSION 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -175,6 +175,16 @@ known limit on the size of the created \s-1ASN1\s0 representation, so the necess amount of space should be obtained by first calling \fIi2d_SSL_SESSION()\fR with \&\fBpp=NULL\fR, and obtain the size needed, then allocate the memory and call \fIi2d_SSL_SESSION()\fR again. +Note that this will advance the value contained in \fB*pp\fR so it is necessary +to save a copy of the original allocation. +For example: + int i,j; + char *p, *temp; + i = i2d_SSL_SESSION(sess, \s-1NULL\s0); + p = temp = malloc(i); + j = i2d_SSL_SESSION(sess, &temp); + assert(i == j); + assert(p+i == temp); .SH "RETURN VALUES" .IX Header "RETURN VALUES" \&\fId2i_SSL_SESSION()\fR returns a pointer to the newly allocated \s-1SSL_SESSION\s0 diff --git a/secure/lib/libssl/man/ssl.3 b/secure/lib/libssl/man/ssl.3 index 623022f..9e2c8e9 100644 --- a/secure/lib/libssl/man/ssl.3 +++ b/secure/lib/libssl/man/ssl.3 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ssl 3" -.TH ssl 3 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ssl 3 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/libexec/sftp-server/Makefile b/secure/libexec/sftp-server/Makefile index eb788f6..ebddba9 100644 --- a/secure/libexec/sftp-server/Makefile +++ b/secure/libexec/sftp-server/Makefile @@ -13,7 +13,7 @@ SRCS+= roaming_dummy.c .endif DPADD= ${LIBSSH} -LDADD= -lssh +LDADD= ${LDSSH} USEPRIVATELIB= ssh .if ${MK_LDNS} != "no" diff --git a/secure/libexec/ssh-keysign/Makefile b/secure/libexec/ssh-keysign/Makefile index 668ad9e..f248666 100644 --- a/secure/libexec/ssh-keysign/Makefile +++ b/secure/libexec/ssh-keysign/Makefile @@ -9,7 +9,7 @@ CFLAGS+=-I${SSHDIR} -include ssh_namespace.h BINMODE=4555 DPADD= ${LIBSSH} -LDADD= -lssh +LDADD= ${LDSSH} USEPRIVATELIB= ssh .if ${MK_LDNS} != "no" diff --git a/secure/libexec/ssh-pkcs11-helper/Makefile b/secure/libexec/ssh-pkcs11-helper/Makefile index f3cf902..b73416f 100644 --- a/secure/libexec/ssh-pkcs11-helper/Makefile +++ b/secure/libexec/ssh-pkcs11-helper/Makefile @@ -13,7 +13,7 @@ SRCS+= roaming_dummy.c .endif DPADD= ${LIBSSH} -LDADD= -lssh +LDADD= ${LDSSH} USEPRIVATELIB= ssh .if ${MK_LDNS} != "no" diff --git a/secure/usr.bin/openssl/Makefile.man b/secure/usr.bin/openssl/Makefile.man index 5903f66..a7b249c 100644 --- a/secure/usr.bin/openssl/Makefile.man +++ b/secure/usr.bin/openssl/Makefile.man @@ -2,6 +2,7 @@ # DO NOT EDIT: generated from man-makefile-update target MAN+= CA.pl.1 MAN+= asn1parse.1 +MAN+= c_rehash.1 MAN+= ca.1 MAN+= ciphers.1 MAN+= cms.1 @@ -45,10 +46,15 @@ MAN+= verify.1 MAN+= version.1 MAN+= x509.1 MAN+= x509v3_config.1 -MLINKS+= dgst.1 md5.1 -MLINKS+= dgst.1 md4.1 -MLINKS+= dgst.1 md2.1 -MLINKS+= dgst.1 sha1.1 MLINKS+= dgst.1 sha.1 +MLINKS+= dgst.1 sha1.1 MLINKS+= dgst.1 mdc2.1 MLINKS+= dgst.1 ripemd160.1 +MLINKS+= dgst.1 sha224.1 +MLINKS+= dgst.1 sha256.1 +MLINKS+= dgst.1 sha384.1 +MLINKS+= dgst.1 sha512.1 +MLINKS+= dgst.1 md2.1 +MLINKS+= dgst.1 md4.1 +MLINKS+= dgst.1 md5.1 +MLINKS+= dgst.1 dss1.1 diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index 12de6cf..fd44610 100644 --- a/secure/usr.bin/openssl/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CA.PL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1 index 4925ca4..b1a1b61 100644 --- a/secure/usr.bin/openssl/man/asn1parse.1 +++ b/secure/usr.bin/openssl/man/asn1parse.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ASN1PARSE 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -142,6 +142,8 @@ asn1parse \- ASN.1 parsing tool [\fB\-length number\fR] [\fB\-i\fR] [\fB\-oid filename\fR] +[\fB\-dump\fR] +[\fB\-dlimit num\fR] [\fB\-strparse offset\fR] [\fB\-genstr string\fR] [\fB\-genconf file\fR] @@ -179,6 +181,12 @@ indents the output according to the \*(L"depth\*(R" of the structures. .IX Item "-oid filename" a file containing additional \s-1OBJECT\s0 IDENTIFIERs (OIDs). The format of this file is described in the \s-1NOTES\s0 section below. +.IP "\fB\-dump\fR" 4 +.IX Item "-dump" +dump unknown data in hex format. +.IP "\fB\-dlimit num\fR" 4 +.IX Item "-dlimit num" +like \fB\-dump\fR, but only the first \fBnum\fR bytes are output. .IP "\fB\-strparse offset\fR" 4 .IX Item "-strparse offset" parse the contents octets of the \s-1ASN\s0.1 object starting at \fBoffset\fR. This diff --git a/secure/usr.bin/openssl/man/c_rehash.1 b/secure/usr.bin/openssl/man/c_rehash.1 new file mode 100644 index 0000000..83735ed --- /dev/null +++ b/secure/usr.bin/openssl/man/c_rehash.1 @@ -0,0 +1,199 @@ +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.28) +.\" +.\" Standard preamble: +.\" ======================================================================== +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Vb \" Begin verbatim text +.ft CW +.nf +.ne \\$1 +.. +.de Ve \" End verbatim text +.ft R +.fi +.. +.\" Set up some character translations and predefined strings. \*(-- will +.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- +.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.ie n \{\ +. ds -- \(*W- +. ds PI pi +. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch +. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch +. ds L" "" +. ds R" "" +. ds C` "" +. ds C' "" +'br\} +.el\{\ +. ds -- \|\(em\| +. ds PI \(*p +. ds L" `` +. ds R" '' +'br\} +.\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. +.ie \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" +.. +. nr % 0 +. rr F +.\} +.el \{\ +. de IX +.. +.\} +.\" +.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). +.\" Fear. Run. Save yourself. No user-serviceable parts. +. \" fudge factors for nroff and troff +.if n \{\ +. ds #H 0 +. ds #V .8m +. ds #F .3m +. ds #[ \f1 +. ds #] \fP +.\} +.if t \{\ +. ds #H ((1u-(\\\\n(.fu%2u))*.13m) +. ds #V .6m +. ds #F 0 +. ds #[ \& +. ds #] \& +.\} +. \" simple accents for nroff and troff +.if n \{\ +. ds ' \& +. ds ` \& +. ds ^ \& +. ds , \& +. ds ~ ~ +. ds / +.\} +.if t \{\ +. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" +. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' +. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' +. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' +. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' +. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' +.\} +. \" troff and (daisy-wheel) nroff accents +.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' +.ds 8 \h'\*(#H'\(*b\h'-\*(#H' +.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] +.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' +.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' +.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] +.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] +.ds ae a\h'-(\w'a'u*4/10)'e +.ds Ae A\h'-(\w'A'u*4/10)'E +. \" corrections for vroff +.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' +.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' +. \" for low resolution devices (crt and lpr) +.if \n(.H>23 .if \n(.V>19 \ +\{\ +. ds : e +. ds 8 ss +. ds o a +. ds d- d\h'-1'\(ga +. ds D- D\h'-1'\(hy +. ds th \o'bp' +. ds Th \o'LP' +. ds ae ae +. ds Ae AE +.\} +.rm #[ #] #H #V #F C +.\" ======================================================================== +.\" +.IX Title "C_REHASH 1" +.TH C_REHASH 1 "2014-10-15" "1.0.1j" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh +.SH "NAME" +c_rehash \- Create symbolic links to files named by the hash values +.SH "SYNOPSIS" +.IX Header "SYNOPSIS" +\&\fBc_rehash\fR +[ \fIdirectory\fR...] +.SH "DESCRIPTION" +.IX Header "DESCRIPTION" +\&\fBc_rehash\fR scans directories and calculates a hash value of each \f(CW\*(C`.pem\*(C'\fR +file in the specified directory list and creates symbolic links +for each file, where the name of the link is the hash value. +This utility is useful as many programs that use OpenSSL require +directories to be set up like this in order to find certificates. +.PP +If any directories are named on the command line, then those are +processed in turn. If not, then the \fB\s-1SSL_CERT_DIR\s0\fR environment variable +is consulted; this shold be a colon-separated list of directories, +like the Unix \fB\s-1PATH\s0\fR variable. +If that is not set then the default directory (installation-specific +but often \fB/usr/local/ssl/certs\fR) is processed. +.PP +In order for a directory to be processed, the user must have write +permissions on that directory, otherwise it will be skipped. +The links created are of the form \f(CW\*(C`HHHHHHHH.D\*(C'\fR, where each \fBH\fR +is a hexadecimal character and \fBD\fR is a single decimal digit. +When processing a directory, \fBc_rehash\fR will first remove all links +that have a name in that syntax. If you have links in that format +used for other purposes, they will be removed. +Hashes for \s-1CRL\s0's look similar except the letter \fBr\fR appears after +the period, like this: \f(CW\*(C`HHHHHHHH.rD\*(C'\fR. +.PP +Multiple objects may have the same hash; they will be indicated by +incrementing the \fBD\fR value. Duplicates are found by comparing the +full \s-1SHA\-1\s0 fingerprint. A warning will be displayed if a duplicate +is found. +.PP +A warning will also be displayed if there are \fB.pem\fR files that +cannot be parsed as either a certificate or a \s-1CRL\s0. +.PP +The program uses the \fBopenssl\fR program to compute the hashes and +fingerprints. If not found in the user's \fB\s-1PATH\s0\fR, then set the +\&\fB\s-1OPENSSL\s0\fR environment variable to the full pathname. +Any program can be used, it will be invoked as follows for either +a certificate or \s-1CRL:\s0 +.PP +.Vb 2 +\& $OPENSSL x509 \-hash \-fingerprint \-noout \-in FFFFFF +\& $OPENSSL crl \-hash \-fingerprint \-noout \-in FFFFFF +.Ve +.PP +where \fB\s-1FFFFFF\s0\fR is the filename. It must output the hash of the +file on the first line, and the fingerprint on the second, +optionally prefixed with some text and an equals sign. +.SH "ENVIRONMENT" +.IX Header "ENVIRONMENT" +.IP "\fB\s-1OPENSSL\s0\fR" 4 +.IX Item "OPENSSL" +The path to an executable to use to generate hashes and +fingerprints (see above). +.IP "\fB\s-1SSL_CERT_DIR\s0\fR" 4 +.IX Item "SSL_CERT_DIR" +Colon separated list of directories to operate on. +Ignored if directories are listed on the command line. +.SH "SEE ALSO" +.IX Header "SEE ALSO" +\&\fIopenssl\fR\|(1), +\&\fIcrl\fR\|(1). +\&\fIx509\fR\|(1). diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index cd9990d..f28f636 100644 --- a/secure/usr.bin/openssl/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -139,6 +139,8 @@ ca \- sample minimal CA application [\fB\-name section\fR] [\fB\-gencrl\fR] [\fB\-revoke file\fR] +[\fB\-status serial\fR] +[\fB\-updatedb\fR] [\fB\-crl_reason reason\fR] [\fB\-crl_hold instruction\fR] [\fB\-crl_compromise time\fR] @@ -152,6 +154,7 @@ ca \- sample minimal CA application [\fB\-md arg\fR] [\fB\-policy arg\fR] [\fB\-keyfile arg\fR] +[\fB\-keyform PEM|DER\fR] [\fB\-key arg\fR] [\fB\-passin arg\fR] [\fB\-cert file\fR] @@ -201,7 +204,7 @@ a single self signed certificate to be signed by the \s-1CA\s0. .IX Item "-spkac filename" a file containing a single Netscape signed public key and challenge and additional field values to be signed by the \s-1CA\s0. See the \fB\s-1SPKAC\s0 \s-1FORMAT\s0\fR -section for information on the required format. +section for information on the required input and output format. .IP "\fB\-infiles\fR" 4 .IX Item "-infiles" if present this should be the last option, all subsequent arguments @@ -210,7 +213,7 @@ are assumed to be the names of files containing certificate requests. .IX Item "-out filename" the output file to output certificates to. The default is standard output. The certificate details will also be printed out to this -file. +file in \s-1PEM\s0 format (except that \fB\-spkac\fR outputs \s-1DER\s0 format). .IP "\fB\-outdir directory\fR" 4 .IX Item "-outdir directory" the directory to output certificates to. The certificate will be @@ -222,6 +225,10 @@ the \s-1CA\s0 certificate file. .IP "\fB\-keyfile filename\fR" 4 .IX Item "-keyfile filename" the private key to sign requests with. +.IP "\fB\-keyform PEM|DER\fR" 4 +.IX Item "-keyform PEM|DER" +the format of the data in the private key file. +The default is \s-1PEM\s0. .IP "\fB\-key password\fR" 4 .IX Item "-key password" the password used to encrypt the private key. Since on some @@ -351,6 +358,13 @@ the number of hours before the next \s-1CRL\s0 is due. .IP "\fB\-revoke filename\fR" 4 .IX Item "-revoke filename" a filename containing a certificate to revoke. +.IP "\fB\-status serial\fR" 4 +.IX Item "-status serial" +displays the revocation status of the certificate with the specified +serial number and exits. +.IP "\fB\-updatedb\fR" 4 +.IX Item "-updatedb" +Updates the database index to purge expired certificates. .IP "\fB\-crl_reason reason\fR" 4 .IX Item "-crl_reason reason" revocation reason, where \fBreason\fR is one of: \fBunspecified\fR, \fBkeyCompromise\fR, @@ -546,6 +560,10 @@ The file should contain the variable \s-1SPKAC\s0 set to the value of the \s-1SPKAC\s0 and also the required \s-1DN\s0 components as name value pairs. If you need to include the same component twice then it can be preceded by a number and a '.'. +.PP +When processing \s-1SPKAC\s0 format, the output is \s-1DER\s0 if the \fB\-out\fR +flag is used, but \s-1PEM\s0 format if sending to stdout or the \fB\-outdir\fR +flag is used. .SH "EXAMPLES" .IX Header "EXAMPLES" Note: these examples assume that the \fBca\fR directory structure is diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1 index 74b6717..b46cf88 100644 --- a/secure/usr.bin/openssl/man/ciphers.1 +++ b/secure/usr.bin/openssl/man/ciphers.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CIPHERS 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -158,7 +158,7 @@ in a cipher list; this is when similar ciphers are available for \&\s-1SSL\s0 v2 and for \s-1SSL\s0 v3/TLS v1. .IP "\fB\-V\fR" 4 .IX Item "-V" -Like \fB\-V\fR, but include cipher suite codes in output (hex format). +Like \fB\-v\fR, but include cipher suite codes in output (hex format). .IP "\fB\-ssl3\fR" 4 .IX Item "-ssl3" only include \s-1SSL\s0 v3 ciphers. @@ -225,8 +225,8 @@ specified. .IP "\fB\s-1COMPLEMENTOFDEFAULT\s0\fR" 4 .IX Item "COMPLEMENTOFDEFAULT" the ciphers included in \fB\s-1ALL\s0\fR, but not enabled by default. Currently -this is \fB\s-1ADH\s0\fR. Note that this rule does not cover \fBeNULL\fR, which is -not included by \fB\s-1ALL\s0\fR (use \fB\s-1COMPLEMENTOFALL\s0\fR if necessary). +this is \fB\s-1ADH\s0\fR and \fB\s-1AECDH\s0\fR. Note that this rule does not cover \fBeNULL\fR, +which is not included by \fB\s-1ALL\s0\fR (use \fB\s-1COMPLEMENTOFALL\s0\fR if necessary). .IP "\fB\s-1ALL\s0\fR" 4 .IX Item "ALL" all cipher suites except the \fBeNULL\fR ciphers which must be explicitly enabled; @@ -264,18 +264,47 @@ included. .IP "\fBaNULL\fR" 4 .IX Item "aNULL" the cipher suites offering no authentication. This is currently the anonymous -\&\s-1DH\s0 algorithms. These cipher suites are vulnerable to a \*(L"man in the middle\*(R" -attack and so their use is normally discouraged. +\&\s-1DH\s0 algorithms and anonymous \s-1ECDH\s0 algorithms. These cipher suites are vulnerable +to a \*(L"man in the middle\*(R" attack and so their use is normally discouraged. .IP "\fBkRSA\fR, \fB\s-1RSA\s0\fR" 4 .IX Item "kRSA, RSA" cipher suites using \s-1RSA\s0 key exchange. +.IP "\fBkDHr\fR, \fBkDHd\fR, \fBkDH\fR" 4 +.IX Item "kDHr, kDHd, kDH" +cipher suites using \s-1DH\s0 key agreement and \s-1DH\s0 certificates signed by CAs with \s-1RSA\s0 +and \s-1DSS\s0 keys or either respectively. Not implemented. .IP "\fBkEDH\fR" 4 .IX Item "kEDH" -cipher suites using ephemeral \s-1DH\s0 key agreement. -.IP "\fBkDHr\fR, \fBkDHd\fR" 4 -.IX Item "kDHr, kDHd" -cipher suites using \s-1DH\s0 key agreement and \s-1DH\s0 certificates signed by CAs with \s-1RSA\s0 -and \s-1DSS\s0 keys respectively. Not implemented. +cipher suites using ephemeral \s-1DH\s0 key agreement, including anonymous cipher +suites. +.IP "\fB\s-1EDH\s0\fR" 4 +.IX Item "EDH" +cipher suites using authenticated ephemeral \s-1DH\s0 key agreement. +.IP "\fB\s-1ADH\s0\fR" 4 +.IX Item "ADH" +anonymous \s-1DH\s0 cipher suites, note that this does not include anonymous Elliptic +Curve \s-1DH\s0 (\s-1ECDH\s0) cipher suites. +.IP "\fB\s-1DH\s0\fR" 4 +.IX Item "DH" +cipher suites using \s-1DH\s0, including anonymous \s-1DH\s0, ephemeral \s-1DH\s0 and fixed \s-1DH\s0. +.IP "\fBkECDHr\fR, \fBkECDHe\fR, \fBkECDH\fR" 4 +.IX Item "kECDHr, kECDHe, kECDH" +cipher suites using fixed \s-1ECDH\s0 key agreement signed by CAs with \s-1RSA\s0 and \s-1ECDSA\s0 +keys or either respectively. +.IP "\fBkEECDH\fR" 4 +.IX Item "kEECDH" +cipher suites using ephemeral \s-1ECDH\s0 key agreement, including anonymous +cipher suites. +.IP "\fB\s-1EECDHE\s0\fR" 4 +.IX Item "EECDHE" +cipher suites using authenticated ephemeral \s-1ECDH\s0 key agreement. +.IP "\fB\s-1AECDH\s0\fR" 4 +.IX Item "AECDH" +anonymous Elliptic Curve Diffie Hellman cipher suites. +.IP "\fB\s-1ECDH\s0\fR" 4 +.IX Item "ECDH" +cipher suites using \s-1ECDH\s0 key exchange, including anonymous, ephemeral and +fixed \s-1ECDH\s0. .IP "\fBaRSA\fR" 4 .IX Item "aRSA" cipher suites using \s-1RSA\s0 authentication, i.e. the certificates carry \s-1RSA\s0 keys. @@ -286,25 +315,33 @@ cipher suites using \s-1DSS\s0 authentication, i.e. the certificates carry \s-1D .IX Item "aDH" cipher suites effectively using \s-1DH\s0 authentication, i.e. the certificates carry \&\s-1DH\s0 keys. Not implemented. +.IP "\fBaECDH\fR" 4 +.IX Item "aECDH" +cipher suites effectively using \s-1ECDH\s0 authentication, i.e. the certificates +carry \s-1ECDH\s0 keys. +.IP "\fBaECDSA\fR, \fB\s-1ECDSA\s0\fR" 4 +.IX Item "aECDSA, ECDSA" +cipher suites using \s-1ECDSA\s0 authentication, i.e. the certificates carry \s-1ECDSA\s0 +keys. .IP "\fBkFZA\fR, \fBaFZA\fR, \fBeFZA\fR, \fB\s-1FZA\s0\fR" 4 .IX Item "kFZA, aFZA, eFZA, FZA" ciphers suites using \s-1FORTEZZA\s0 key exchange, authentication, encryption or all \&\s-1FORTEZZA\s0 algorithms. Not implemented. -.IP "\fBTLSv1\fR, \fBSSLv3\fR, \fBSSLv2\fR" 4 -.IX Item "TLSv1, SSLv3, SSLv2" -\&\s-1TLS\s0 v1.0, \s-1SSL\s0 v3.0 or \s-1SSL\s0 v2.0 cipher suites respectively. -.IP "\fB\s-1DH\s0\fR" 4 -.IX Item "DH" -cipher suites using \s-1DH\s0, including anonymous \s-1DH\s0. -.IP "\fB\s-1ADH\s0\fR" 4 -.IX Item "ADH" -anonymous \s-1DH\s0 cipher suites. -.IP "\fB\s-1AES\s0\fR" 4 -.IX Item "AES" -cipher suites using \s-1AES\s0. -.IP "\fB\s-1CAMELLIA\s0\fR" 4 -.IX Item "CAMELLIA" -cipher suites using Camellia. +.IP "\fBTLSv1.2\fR, \fBTLSv1\fR, \fBSSLv3\fR, \fBSSLv2\fR" 4 +.IX Item "TLSv1.2, TLSv1, SSLv3, SSLv2" +\&\s-1TLS\s0 v1.2, \s-1TLS\s0 v1.0, \s-1SSL\s0 v3.0 or \s-1SSL\s0 v2.0 cipher suites respectively. Note: +there are no ciphersuites specific to \s-1TLS\s0 v1.1. +.IP "\fB\s-1AES128\s0\fR, \fB\s-1AES256\s0\fR, \fB\s-1AES\s0\fR" 4 +.IX Item "AES128, AES256, AES" +cipher suites using 128 bit \s-1AES\s0, 256 bit \s-1AES\s0 or either 128 or 256 bit \s-1AES\s0. +.IP "\fB\s-1AESGCM\s0\fR" 4 +.IX Item "AESGCM" +\&\s-1AES\s0 in Galois Counter Mode (\s-1GCM\s0): these ciphersuites are only supported +in \s-1TLS\s0 v1.2. +.IP "\fB\s-1CAMELLIA128\s0\fR, \fB\s-1CAMELLIA256\s0\fR, \fB\s-1CAMELLIA\s0\fR" 4 +.IX Item "CAMELLIA128, CAMELLIA256, CAMELLIA" +cipher suites using 128 bit \s-1CAMELLIA\s0, 256 bit \s-1CAMELLIA\s0 or either 128 or 256 bit +\&\s-1CAMELLIA\s0. .IP "\fB3DES\fR" 4 .IX Item "3DES" cipher suites using triple \s-1DES\s0. @@ -329,6 +366,9 @@ cipher suites using \s-1MD5\s0. .IP "\fB\s-1SHA1\s0\fR, \fB\s-1SHA\s0\fR" 4 .IX Item "SHA1, SHA" cipher suites using \s-1SHA1\s0. +.IP "\fB\s-1SHA256\s0\fR, \fB\s-1SHA384\s0\fR" 4 +.IX Item "SHA256, SHA384" +ciphersuites using \s-1SHA256\s0 or \s-1SHA384\s0. .IP "\fBaGOST\fR" 4 .IX Item "aGOST" cipher suites using \s-1GOST\s0 R 34.10 (either 2001 or 94) for authenticaction @@ -349,6 +389,9 @@ cipher suites, using \s-1HMAC\s0 based on \s-1GOST\s0 R 34.11\-94. .IP "\fB\s-1GOST89MAC\s0\fR" 4 .IX Item "GOST89MAC" cipher suites using \s-1GOST\s0 28147\-89 \s-1MAC\s0 \fBinstead of\fR \s-1HMAC\s0. +.IP "\fB\s-1PSK\s0\fR" 4 +.IX Item "PSK" +cipher suites using pre-shared keys (\s-1PSK\s0). .SH "CIPHER SUITE NAMES" .IX Header "CIPHER SUITE NAMES" The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from the @@ -498,8 +541,104 @@ Note: these ciphers can also be used in \s-1SSL\s0 v3. \& TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024\-DHE\-DSS\-RC4\-SHA \& TLS_DHE_DSS_WITH_RC4_128_SHA DHE\-DSS\-RC4\-SHA .Ve -.SS "\s-1SSL\s0 v2.0 cipher suites." -.IX Subsection "SSL v2.0 cipher suites." +.SS "Elliptic curve cipher suites." +.IX Subsection "Elliptic curve cipher suites." +.Vb 5 +\& TLS_ECDH_RSA_WITH_NULL_SHA ECDH\-RSA\-NULL\-SHA +\& TLS_ECDH_RSA_WITH_RC4_128_SHA ECDH\-RSA\-RC4\-SHA +\& TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ECDH\-RSA\-DES\-CBC3\-SHA +\& TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH\-RSA\-AES128\-SHA +\& TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH\-RSA\-AES256\-SHA +\& +\& TLS_ECDH_ECDSA_WITH_NULL_SHA ECDH\-ECDSA\-NULL\-SHA +\& TLS_ECDH_ECDSA_WITH_RC4_128_SHA ECDH\-ECDSA\-RC4\-SHA +\& TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ECDH\-ECDSA\-DES\-CBC3\-SHA +\& TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH\-ECDSA\-AES128\-SHA +\& TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH\-ECDSA\-AES256\-SHA +\& +\& TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE\-RSA\-NULL\-SHA +\& TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE\-RSA\-RC4\-SHA +\& TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE\-RSA\-DES\-CBC3\-SHA +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE\-RSA\-AES128\-SHA +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE\-RSA\-AES256\-SHA +\& +\& TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE\-ECDSA\-NULL\-SHA +\& TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE\-ECDSA\-RC4\-SHA +\& TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE\-ECDSA\-DES\-CBC3\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE\-ECDSA\-AES128\-SHA +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE\-ECDSA\-AES256\-SHA +\& +\& TLS_ECDH_anon_WITH_NULL_SHA AECDH\-NULL\-SHA +\& TLS_ECDH_anon_WITH_RC4_128_SHA AECDH\-RC4\-SHA +\& TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH\-DES\-CBC3\-SHA +\& TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH\-AES128\-SHA +\& TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH\-AES256\-SHA +.Ve +.SS "\s-1TLS\s0 v1.2 cipher suites" +.IX Subsection "TLS v1.2 cipher suites" +.Vb 1 +\& TLS_RSA_WITH_NULL_SHA256 NULL\-SHA256 +\& +\& TLS_RSA_WITH_AES_128_CBC_SHA256 AES128\-SHA256 +\& TLS_RSA_WITH_AES_256_CBC_SHA256 AES256\-SHA256 +\& TLS_RSA_WITH_AES_128_GCM_SHA256 AES128\-GCM\-SHA256 +\& TLS_RSA_WITH_AES_256_GCM_SHA384 AES256\-GCM\-SHA384 +\& +\& TLS_DH_RSA_WITH_AES_128_CBC_SHA256 Not implemented. +\& TLS_DH_RSA_WITH_AES_256_CBC_SHA256 Not implemented. +\& TLS_DH_RSA_WITH_AES_128_GCM_SHA256 Not implemented. +\& TLS_DH_RSA_WITH_AES_256_GCM_SHA384 Not implemented. +\& +\& TLS_DH_DSS_WITH_AES_128_CBC_SHA256 Not implemented. +\& TLS_DH_DSS_WITH_AES_256_CBC_SHA256 Not implemented. +\& TLS_DH_DSS_WITH_AES_128_GCM_SHA256 Not implemented. +\& TLS_DH_DSS_WITH_AES_256_GCM_SHA384 Not implemented. +\& +\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE\-RSA\-AES128\-SHA256 +\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE\-RSA\-AES256\-SHA256 +\& TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE\-RSA\-AES128\-GCM\-SHA256 +\& TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE\-DSS\-AES128\-SHA256 +\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE\-DSS\-AES256\-SHA256 +\& TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE\-DSS\-AES128\-GCM\-SHA256 +\& TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE\-DSS\-AES256\-GCM\-SHA384 +\& +\& TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH\-RSA\-AES128\-SHA256 +\& TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH\-RSA\-AES256\-SHA384 +\& TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH\-RSA\-AES128\-GCM\-SHA256 +\& TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH\-ECDSA\-AES128\-SHA256 +\& TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH\-ECDSA\-AES256\-SHA384 +\& TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH\-ECDSA\-AES128\-GCM\-SHA256 +\& TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH\-ECDSA\-AES256\-GCM\-SHA384 +\& +\& TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE\-RSA\-AES128\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE\-RSA\-AES256\-SHA384 +\& TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE\-RSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE\-RSA\-AES256\-GCM\-SHA384 +\& +\& TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE\-ECDSA\-AES128\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE\-ECDSA\-AES256\-SHA384 +\& TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE\-ECDSA\-AES128\-GCM\-SHA256 +\& TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE\-ECDSA\-AES256\-GCM\-SHA384 +\& +\& TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH\-AES128\-SHA256 +\& TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH\-AES256\-SHA256 +\& TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH\-AES128\-GCM\-SHA256 +\& TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH\-AES256\-GCM\-SHA384 +.Ve +.SS "Pre shared keying (\s-1PSK\s0) cipheruites" +.IX Subsection "Pre shared keying (PSK) cipheruites" +.Vb 4 +\& TLS_PSK_WITH_RC4_128_SHA PSK\-RC4\-SHA +\& TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK\-3DES\-EDE\-CBC\-SHA +\& TLS_PSK_WITH_AES_128_CBC_SHA PSK\-AES128\-CBC\-SHA +\& TLS_PSK_WITH_AES_256_CBC_SHA PSK\-AES256\-CBC\-SHA +.Ve +.SS "Deprecated \s-1SSL\s0 v2.0 cipher suites." +.IX Subsection "Deprecated SSL v2.0 cipher suites." .Vb 7 \& SSL_CK_RC4_128_WITH_MD5 RC4\-MD5 \& SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP\-RC4\-MD5 @@ -531,6 +670,13 @@ strength: \& openssl ciphers \-v \*(AqALL:!ADH:@STRENGTH\*(Aq .Ve .PP +Include all ciphers except ones with no encryption (eNULL) or no +authentication (aNULL): +.PP +.Vb 1 +\& openssl ciphers \-v \*(AqALL:!aNULL\*(Aq +.Ve +.PP Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last: .PP .Vb 1 diff --git a/secure/usr.bin/openssl/man/cms.1 b/secure/usr.bin/openssl/man/cms.1 index d77ae28..2c39684 100644 --- a/secure/usr.bin/openssl/man/cms.1 +++ b/secure/usr.bin/openssl/man/cms.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CMS 1" -.TH CMS 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CMS 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -252,7 +252,7 @@ compiled with \fBzlib\fR support for this option to work, otherwise it will output an error. .IP "\fB\-EncryptedData_encrypt\fR" 4 .IX Item "-EncryptedData_encrypt" -Encrypt suppled content using supplied symmetric key and algorithm using a \s-1CMS\s0 +Encrypt content using supplied symmetric key and algorithm using a \s-1CMS\s0 \&\fBEncrytedData\fR type and output the content. .IP "\fB\-sign_receipt\fR" 4 .IX Item "-sign_receipt" diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1 index f902d90..79bed64 100644 --- a/secure/usr.bin/openssl/man/crl.1 +++ b/secure/usr.bin/openssl/man/crl.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CRL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -139,6 +139,7 @@ crl \- CRL utility [\fB\-text\fR] [\fB\-in filename\fR] [\fB\-out filename\fR] +[\fB\-nameopt option\fR] [\fB\-noout\fR] [\fB\-hash\fR] [\fB\-issuer\fR] @@ -171,6 +172,10 @@ default. .IP "\fB\-text\fR" 4 .IX Item "-text" print out the \s-1CRL\s0 in text form. +.IP "\fB\-nameopt option\fR" 4 +.IX Item "-nameopt option" +option which determines how the subject or issuer names are displayed. See +the description of \fB\-nameopt\fR in \fIx509\fR\|(1). .IP "\fB\-noout\fR" 4 .IX Item "-noout" don't output the encoded version of the \s-1CRL\s0. diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1 index 880d2a8..7e430ea 100644 --- a/secure/usr.bin/openssl/man/crl2pkcs7.1 +++ b/secure/usr.bin/openssl/man/crl2pkcs7.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH CRL2PKCS7 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1 index 93b4026..42e5acc 100644 --- a/secure/usr.bin/openssl/man/dgst.1 +++ b/secure/usr.bin/openssl/man/dgst.1 @@ -124,21 +124,22 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DGST 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests +dgst, sha, sha1, mdc2, ripemd160, sha224, sha256, sha384, sha512, md2, md4, md5, dss1 \- message digests .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBdgst\fR -[\fB\-md5|\-md4|\-md2|\-sha1|\-sha|\-mdc2|\-ripemd160|\-dss1\fR] +[\fB\-sha|\-sha1|\-mdc2|\-ripemd160|\-sha224|\-sha256|\-sha384|\-sha512|\-md2|\-md4|\-md5|\-dss1\fR] [\fB\-c\fR] [\fB\-d\fR] [\fB\-hex\fR] [\fB\-binary\fR] +[\fB\-r\fR] [\fB\-out filename\fR] [\fB\-sign filename\fR] [\fB\-keyform arg\fR] @@ -147,16 +148,18 @@ dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests [\fB\-prverify filename\fR] [\fB\-signature filename\fR] [\fB\-hmac key\fR] +[\fB\-non\-fips\-allow\fR] +[\fB\-fips\-fingerprint\fR] [\fBfile...\fR] .PP -[\fBmd5|md4|md2|sha1|sha|mdc2|ripemd160\fR] -[\fB\-c\fR] -[\fB\-d\fR] -[\fBfile...\fR] +\&\fBopenssl\fR +[\fIdigest\fR] +[\fB...\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The digest functions output the message digest of a supplied file or files -in hexadecimal form. They can also be used for digital signing and verification. +in hexadecimal. The digest functions also generate and verify digital +signatures using message digests. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-c\fR" 4 @@ -169,10 +172,14 @@ print out \s-1BIO\s0 debugging information. .IP "\fB\-hex\fR" 4 .IX Item "-hex" digest is to be output as a hex dump. This is the default case for a \*(L"normal\*(R" -digest as opposed to a digital signature. +digest as opposed to a digital signature. See \s-1NOTES\s0 below for digital +signatures using \fB\-hex\fR. .IP "\fB\-binary\fR" 4 .IX Item "-binary" output the digest or signature in binary form. +.IP "\fB\-r\fR" 4 +.IX Item "-r" +output the digest in the \*(L"coreutils\*(R" format used by programs like \fBsha1sum\fR. .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" filename to output to, or standard output by default. @@ -181,8 +188,8 @@ filename to output to, or standard output by default. digitally sign the digest using the private key in \*(L"filename\*(R". .IP "\fB\-keyform arg\fR" 4 .IX Item "-keyform arg" -Specifies the key format to sign digest with. Only \s-1PEM\s0 and \s-1ENGINE\s0 -formats are supported by the \fBdgst\fR command. +Specifies the key format to sign digest with. The \s-1DER\s0, \s-1PEM\s0, P12, +and \s-1ENGINE\s0 formats are supported. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" Use engine \fBid\fR for operations (including private key storage). @@ -241,20 +248,46 @@ generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. +.IP "\fB\-non\-fips\-allow\fR" 4 +.IX Item "-non-fips-allow" +enable use of non-FIPS algorithms such as \s-1MD5\s0 even in \s-1FIPS\s0 mode. +.IP "\fB\-fips\-fingerprint\fR" 4 +.IX Item "-fips-fingerprint" +compute \s-1HMAC\s0 using a specific key +for certain OpenSSL-FIPS operations. .IP "\fBfile...\fR" 4 .IX Item "file..." file or files to digest. If no files are specified then standard input is used. +.SH "EXAMPLES" +.IX Header "EXAMPLES" +To create a hex-encoded message digest of a file: + openssl dgst \-md5 \-hex file.txt +.PP +To sign a file using \s-1SHA\-256\s0 with binary file output: + openssl dgst \-sha256 \-sign privatekey.pem \-out signature.sign file.txt +.PP +To verify a signature: + openssl dgst \-sha256 \-verify publickey.pem \e + \-signature signature.sign \e + file.txt .SH "NOTES" .IX Header "NOTES" The digest of choice for all new applications is \s-1SHA1\s0. Other digests are however still widely used. .PP -If you wish to sign or verify data using the \s-1DSA\s0 algorithm then the dss1 -digest must be used. +When signing a file, \fBdgst\fR will automatically determine the algorithm +(\s-1RSA\s0, \s-1ECC\s0, etc) to use for signing based on the private key's \s-1ASN\s0.1 info. +When verifying signatures, it only handles the \s-1RSA\s0, \s-1DSA\s0, or \s-1ECDSA\s0 signature +itself, not the related data to identify the signer and algorithm used in +formats such as x.509, \s-1CMS\s0, and S/MIME. .PP A source of random numbers is required for certain signing algorithms, in -particular \s-1DSA\s0. +particular \s-1ECDSA\s0 and \s-1DSA\s0. .PP The signing and verify options should only be used if a single file is being signed or verified. +.PP +Hex signatures cannot be verified using \fBopenssl\fR. Instead, use \*(L"xxd \-r\*(R" +or similar program to transform the hex signature into a binary signature +prior to verification. diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1 index 35d7117..77d469c5 100644 --- a/secure/usr.bin/openssl/man/dhparam.1 +++ b/secure/usr.bin/openssl/man/dhparam.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DHPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -139,6 +139,7 @@ dhparam \- DH parameter manipulation and generation [\fB\-in\fR \fIfilename\fR] [\fB\-out\fR \fIfilename\fR] [\fB\-dsaparam\fR] +[\fB\-check\fR] [\fB\-noout\fR] [\fB\-text\fR] [\fB\-C\fR] @@ -182,6 +183,9 @@ and the recommended exponent length is shorter, which makes \s-1DH\s0 key exchange more efficient. Beware that with such DSA-style \s-1DH\s0 parameters, a fresh \s-1DH\s0 key should be created for each use to avoid small-subgroup attacks that may be possible otherwise. +.IP "\fB\-check\fR" 4 +.IX Item "-check" +check if the parameters are valid primes and generator. .IP "\fB\-2\fR, \fB\-5\fR" 4 .IX Item "-2, -5" The generator to use, either 2 or 5. 2 is the default. If present then the diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1 index e2f43f9..9909747 100644 --- a/secure/usr.bin/openssl/man/dsa.1 +++ b/secure/usr.bin/openssl/man/dsa.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DSA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -140,6 +140,12 @@ dsa \- DSA key processing [\fB\-passin arg\fR] [\fB\-out filename\fR] [\fB\-passout arg\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] [\fB\-des\fR] [\fB\-des3\fR] [\fB\-idea\fR] @@ -191,10 +197,10 @@ filename. .IX Item "-passout arg" the output file password source. For more information about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -.IP "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. +.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 +.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the \fBdsa\fR utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1 index e1bab9d..f0bdb75 100644 --- a/secure/usr.bin/openssl/man/dsaparam.1 +++ b/secure/usr.bin/openssl/man/dsaparam.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH DSAPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1 index 0c7ac21..f3e2749 100644 --- a/secure/usr.bin/openssl/man/ec.1 +++ b/secure/usr.bin/openssl/man/ec.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EC 1" -.TH EC 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH EC 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1 index f09eb46..d8124b9 100644 --- a/secure/usr.bin/openssl/man/ecparam.1 +++ b/secure/usr.bin/openssl/man/ecparam.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ECPARAM 1" -.TH ECPARAM 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ECPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -143,7 +143,7 @@ ecparam \- EC parameter manipulation and generation [\fB\-C\fR] [\fB\-check\fR] [\fB\-name arg\fR] -[\fB\-list_curve\fR] +[\fB\-list_curves\fR] [\fB\-conv_form arg\fR] [\fB\-param_enc arg\fR] [\fB\-no_seed\fR] diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index eb19027..941bed5 100644 --- a/secure/usr.bin/openssl/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ENC 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1 index e2bb048..2cdc01f 100644 --- a/secure/usr.bin/openssl/man/errstr.1 +++ b/secure/usr.bin/openssl/man/errstr.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "ERRSTR 1" -.TH ERRSTR 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH ERRSTR 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1 index a131278..ae95cef 100644 --- a/secure/usr.bin/openssl/man/gendsa.1 +++ b/secure/usr.bin/openssl/man/gendsa.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH GENDSA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -135,6 +135,12 @@ gendsa \- generate a DSA private key from a set of parameters .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBgendsa\fR [\fB\-out filename\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] [\fB\-des\fR] [\fB\-des3\fR] [\fB\-idea\fR] @@ -147,10 +153,10 @@ The \fBgendsa\fR command generates a \s-1DSA\s0 private key from a \s-1DSA\s0 pa (which will be typically generated by the \fBopenssl dsaparam\fR command). .SH "OPTIONS" .IX Header "OPTIONS" -.IP "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. +.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 +.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" +These options encrypt the private key with specified +cipher before outputting it. A pass phrase is prompted for. If none of these options is specified no encryption is used. .IP "\fB\-rand file(s)\fR" 4 .IX Item "-rand file(s)" diff --git a/secure/usr.bin/openssl/man/genpkey.1 b/secure/usr.bin/openssl/man/genpkey.1 index 5ebcd80..1c56f39 100644 --- a/secure/usr.bin/openssl/man/genpkey.1 +++ b/secure/usr.bin/openssl/man/genpkey.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "GENPKEY 1" -.TH GENPKEY 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH GENPKEY 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index 20dce21..7db0df0 100644 --- a/secure/usr.bin/openssl/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH GENRSA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -136,6 +136,18 @@ genrsa \- generate an RSA private key \&\fBopenssl\fR \fBgenrsa\fR [\fB\-out filename\fR] [\fB\-passout arg\fR] +[\fB\-aes128\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] [\fB\-des\fR] [\fB\-des3\fR] [\fB\-idea\fR] @@ -157,10 +169,10 @@ used. .IX Item "-passout arg" the output file password source. For more information about the format of \fBarg\fR see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -.IP "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. If none of these options is +.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 +.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" +These options encrypt the private key with specified +cipher before outputting it. If none of these options is specified no encryption is used. If encryption is used a pass phrase is prompted for if it is not supplied via the \fB\-passout\fR argument. .IP "\fB\-F4|\-3\fR" 4 diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1 index 9aa88e6..81f13c7 100644 --- a/secure/usr.bin/openssl/man/nseq.1 +++ b/secure/usr.bin/openssl/man/nseq.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH NSEQ 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 index 8225e97..67c8336 100644 --- a/secure/usr.bin/openssl/man/ocsp.1 +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH OCSP 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1 index 52e984a..6a79a51 100644 --- a/secure/usr.bin/openssl/man/openssl.1 +++ b/secure/usr.bin/openssl/man/openssl.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH OPENSSL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1 index f924585..8648dc9 100644 --- a/secure/usr.bin/openssl/man/passwd.1 +++ b/secure/usr.bin/openssl/man/passwd.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PASSWD 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index d51abed..8c17470 100644 --- a/secure/usr.bin/openssl/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PKCS12 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1 index 7755980..0335b06 100644 --- a/secure/usr.bin/openssl/man/pkcs7.1 +++ b/secure/usr.bin/openssl/man/pkcs7.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PKCS7 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1 index 84747b7..644cb67 100644 --- a/secure/usr.bin/openssl/man/pkcs8.1 +++ b/secure/usr.bin/openssl/man/pkcs8.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PKCS8 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkey.1 b/secure/usr.bin/openssl/man/pkey.1 index a5d80d2..9177c1d 100644 --- a/secure/usr.bin/openssl/man/pkey.1 +++ b/secure/usr.bin/openssl/man/pkey.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKEY 1" -.TH PKEY 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PKEY 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyparam.1 b/secure/usr.bin/openssl/man/pkeyparam.1 index f56ce5a..aee0833 100644 --- a/secure/usr.bin/openssl/man/pkeyparam.1 +++ b/secure/usr.bin/openssl/man/pkeyparam.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKEYPARAM 1" -.TH PKEYPARAM 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PKEYPARAM 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/pkeyutl.1 b/secure/usr.bin/openssl/man/pkeyutl.1 index dde13bb..857d758 100644 --- a/secure/usr.bin/openssl/man/pkeyutl.1 +++ b/secure/usr.bin/openssl/man/pkeyutl.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "PKEYUTL 1" -.TH PKEYUTL 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH PKEYUTL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index 6bbd75a..d089011 100644 --- a/secure/usr.bin/openssl/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RAND 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1 index c70a78e..5b48dd1 100644 --- a/secure/usr.bin/openssl/man/req.1 +++ b/secure/usr.bin/openssl/man/req.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH REQ 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index 55141b7..2db0626 100644 --- a/secure/usr.bin/openssl/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSA 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -141,6 +141,12 @@ rsa \- RSA key processing tool [\fB\-out filename\fR] [\fB\-passout arg\fR] [\fB\-sgckey\fR] +[\fB\-aes128\fR] +[\fB\-aes192\fR] +[\fB\-aes256\fR] +[\fB\-camellia128\fR] +[\fB\-camellia192\fR] +[\fB\-camellia256\fR] [\fB\-des\fR] [\fB\-des3\fR] [\fB\-idea\fR] @@ -197,10 +203,10 @@ see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\f .IX Item "-sgckey" use the modified \s-1NET\s0 algorithm used with some versions of Microsoft \s-1IIS\s0 and \s-1SGC\s0 keys. -.IP "\fB\-des|\-des3|\-idea\fR" 4 -.IX Item "-des|-des3|-idea" -These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the -\&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. +.IP "\fB\-aes128|\-aes192|\-aes256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 +.IX Item "-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" +These options encrypt the private key with the specified +cipher before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the \fBrsa\fR utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1 index c09e472..bda3b30 100644 --- a/secure/usr.bin/openssl/man/rsautl.1 +++ b/secure/usr.bin/openssl/man/rsautl.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH RSAUTL 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1 index 8473cc1..b973e34 100644 --- a/secure/usr.bin/openssl/man/s_client.1 +++ b/secure/usr.bin/openssl/man/s_client.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH S_CLIENT 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -135,6 +135,7 @@ s_client \- SSL/TLS client program .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBs_client\fR [\fB\-connect host:port\fR] +[\fB\-servername name\fR] [\fB\-verify depth\fR] [\fB\-verify_return_error\fR] [\fB\-cert filename\fR] @@ -154,6 +155,7 @@ s_client \- SSL/TLS client program [\fB\-nbio\fR] [\fB\-crlf\fR] [\fB\-ign_eof\fR] +[\fB\-no_ign_eof\fR] [\fB\-quiet\fR] [\fB\-ssl2\fR] [\fB\-ssl3\fR] @@ -163,6 +165,7 @@ s_client \- SSL/TLS client program [\fB\-no_tls1\fR] [\fB\-bugs\fR] [\fB\-cipher cipherlist\fR] +[\fB\-serverpref\fR] [\fB\-starttls protocol\fR] [\fB\-engine id\fR] [\fB\-tlsextdebug\fR] @@ -170,6 +173,8 @@ s_client \- SSL/TLS client program [\fB\-sess_out filename\fR] [\fB\-sess_in filename\fR] [\fB\-rand file(s)\fR] +[\fB\-status\fR] +[\fB\-nextprotoneg protocols\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBs_client\fR command implements a generic \s-1SSL/TLS\s0 client which connects @@ -181,6 +186,9 @@ to a remote host using \s-1SSL/TLS\s0. It is a \fIvery\fR useful diagnostic tool .IX Item "-connect host:port" This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 4433. +.IP "\fB\-servername name\fR" 4 +.IX Item "-servername name" +Set the \s-1TLS\s0 \s-1SNI\s0 (Server Name Indication) extension in the ClientHello message. .IP "\fB\-cert certname\fR" 4 .IX Item "-cert certname" The certificate to use, if one is requested by the server. The default is @@ -271,6 +279,10 @@ input. .IX Item "-quiet" inhibit printing of session and certificate information. This implicitly turns on \fB\-ign_eof\fR as well. +.IP "\fB\-no_ign_eof\fR" 4 +.IX Item "-no_ign_eof" +shut down the connection when end of file is reached in the input. +Can be used to override the implicit \fB\-ign_eof\fR after \fB\-quiet\fR. .IP "\fB\-psk_identity identity\fR" 4 .IX Item "-psk_identity identity" Use the \s-1PSK\s0 identity \fBidentity\fR when using a \s-1PSK\s0 cipher suite. @@ -299,6 +311,9 @@ this allows the cipher list sent by the client to be modified. Although the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See the \fBciphers\fR command for more information. +.IP "\fB\-serverpref\fR" 4 +.IX Item "-serverpref" +use the server's cipher preferences; only used for \s-1SSLV2\s0. .IP "\fB\-starttls protocol\fR" 4 .IX Item "-starttls protocol" send the protocol-specific message(s) to switch to \s-1TLS\s0 for communication. @@ -330,6 +345,20 @@ generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. +.IP "\fB\-status\fR" 4 +.IX Item "-status" +sends a certificate status request to the server (\s-1OCSP\s0 stapling). The server +response (if any) is printed out. +.IP "\fB\-nextprotoneg protocols\fR" 4 +.IX Item "-nextprotoneg protocols" +enable Next Protocol Negotiation \s-1TLS\s0 extension and provide a list of +comma-separated protocol names that the client should advertise +support for. The list should contain most wanted protocols first. +Protocol names are printable \s-1ASCII\s0 strings, for example \*(L"http/1.1\*(R" or +\&\*(L"spdy/3\*(R". +Empty list of protocols is treated specially and will cause the client to +advertise support for the \s-1TLS\s0 extension but disconnect just after +reciving ServerHello with a list of server supported protocols. .SH "CONNECTED COMMANDS" .IX Header "CONNECTED COMMANDS" If a connection is established with an \s-1SSL\s0 server then any data received diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index b81481d..53efb82 100644 --- a/secure/usr.bin/openssl/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH S_SERVER 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -161,6 +161,7 @@ s_server \- SSL/TLS server program [\fB\-CAfile filename\fR] [\fB\-nocert\fR] [\fB\-cipher cipherlist\fR] +[\fB\-serverpref\fR] [\fB\-quiet\fR] [\fB\-no_tmp_rsa\fR] [\fB\-ssl2\fR] @@ -181,6 +182,11 @@ s_server \- SSL/TLS server program [\fB\-no_ticket\fR] [\fB\-id_prefix arg\fR] [\fB\-rand file(s)\fR] +[\fB\-status\fR] +[\fB\-status_verbose\fR] +[\fB\-status_timeout nsec\fR] +[\fB\-status_url url\fR] +[\fB\-nextprotoneg protocols\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The \fBs_server\fR command implements a generic \s-1SSL/TLS\s0 server which listens @@ -257,6 +263,9 @@ client certificate chain and makes the server request a certificate from the client. With the \fB\-verify\fR option a certificate is requested but the client does not have to send one, with the \fB\-Verify\fR option the client must supply a certificate or an error occurs. +.Sp +If the ciphersuite cannot request a client certificate (for example an +anonymous ciphersuite or \s-1PSK\s0) this option has no effect. .IP "\fB\-crl_check\fR, \fB\-crl_check_all\fR" 4 .IX Item "-crl_check, -crl_check_all" Check the peer certificate has not been revoked by its \s-1CA\s0. @@ -322,6 +331,9 @@ the client sends a list of supported ciphers the first client cipher also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist irrelevant. See the \fBciphers\fR command for more information. +.IP "\fB\-serverpref\fR" 4 +.IX Item "-serverpref" +use the server's cipher preferences, rather than the client's preferences. .IP "\fB\-tlsextdebug\fR" 4 .IX Item "-tlsextdebug" print out a hex dump of any \s-1TLS\s0 extensions received from the server. @@ -365,6 +377,28 @@ generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. +.IP "\fB\-status\fR" 4 +.IX Item "-status" +enables certificate status request support (aka \s-1OCSP\s0 stapling). +.IP "\fB\-status_verbose\fR" 4 +.IX Item "-status_verbose" +enables certificate status request support (aka \s-1OCSP\s0 stapling) and gives +a verbose printout of the \s-1OCSP\s0 response. +.IP "\fB\-status_timeout nsec\fR" 4 +.IX Item "-status_timeout nsec" +sets the timeout for \s-1OCSP\s0 response to \fBnsec\fR seconds. +.IP "\fB\-status_url url\fR" 4 +.IX Item "-status_url url" +sets a fallback responder \s-1URL\s0 to use if no responder \s-1URL\s0 is present in the +server certificate. Without this option an error is returned if the server +certificate does not contain a responder address. +.IP "\fB\-nextprotoneg protocols\fR" 4 +.IX Item "-nextprotoneg protocols" +enable Next Protocol Negotiation \s-1TLS\s0 extension and provide a +comma-separated list of supported protocol names. +The list should contain most wanted protocols first. +Protocol names are printable \s-1ASCII\s0 strings, for example \*(L"http/1.1\*(R" or +\&\*(L"spdy/3\*(R". .SH "CONNECTED COMMANDS" .IX Header "CONNECTED COMMANDS" If a connection request is established with an \s-1SSL\s0 client and neither the diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1 index 1cd0860..a314b7b 100644 --- a/secure/usr.bin/openssl/man/s_time.1 +++ b/secure/usr.bin/openssl/man/s_time.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH S_TIME 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1 index d16fb99..f1a240f 100644 --- a/secure/usr.bin/openssl/man/sess_id.1 +++ b/secure/usr.bin/openssl/man/sess_id.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SESS_ID 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1 index a50c5b7..5a50a6a 100644 --- a/secure/usr.bin/openssl/man/smime.1 +++ b/secure/usr.bin/openssl/man/smime.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SMIME 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1 index 094620f..c134531 100644 --- a/secure/usr.bin/openssl/man/speed.1 +++ b/secure/usr.bin/openssl/man/speed.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SPEED 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1 index bbd61b8..a08ed95 100644 --- a/secure/usr.bin/openssl/man/spkac.1 +++ b/secure/usr.bin/openssl/man/spkac.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH SPKAC 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1 index ffa5294..7ce2e5b 100644 --- a/secure/usr.bin/openssl/man/ts.1 +++ b/secure/usr.bin/openssl/man/ts.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "TS 1" -.TH TS 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH TS 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/tsget.1 b/secure/usr.bin/openssl/man/tsget.1 index e3d9ec8..d310623 100644 --- a/secure/usr.bin/openssl/man/tsget.1 +++ b/secure/usr.bin/openssl/man/tsget.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "TSGET 1" -.TH TSGET 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH TSGET 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index 81d3f3e..01cd000 100644 --- a/secure/usr.bin/openssl/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH VERIFY 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -168,12 +168,12 @@ of the form: hash.0 or have symbolic links to them of this form (\*(L"hash\*(R" is the hashed certificate subject name: see the \fB\-hash\fR option of the \fBx509\fR utility). Under Unix the \fBc_rehash\fR script will automatically create symbolic links to a directory of certificates. -.IP "\fB\-CAfile file\fR" 4 -.IX Item "-CAfile file" -A file of trusted certificates. The file should contain multiple certificates -in \s-1PEM\s0 format concatenated together. +.IP "\fB\-CAfile file\fR A file of trusted certificates. The file should contain multiple certificates in \s-1PEM\s0 format concatenated together." 4 +.IX Item "-CAfile file A file of trusted certificates. The file should contain multiple certificates in PEM format concatenated together." +.PD 0 .IP "\fB\-untrusted file\fR" 4 .IX Item "-untrusted file" +.PD A file of untrusted certificates. The file should contain multiple certificates in \s-1PEM\s0 format concatenated together. .IP "\fB\-purpose purpose\fR" 4 diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1 index 5c10b1c..b3c01ba 100644 --- a/secure/usr.bin/openssl/man/version.1 +++ b/secure/usr.bin/openssl/man/version.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH VERSION 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index 5b0617c..66530e5 100644 --- a/secure/usr.bin/openssl/man/x509.1 +++ b/secure/usr.bin/openssl/man/x509.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -145,6 +145,7 @@ x509 \- Certificate display and signing utility [\fB\-hash\fR] [\fB\-subject_hash\fR] [\fB\-issuer_hash\fR] +[\fB\-ocspid\fR] [\fB\-subject\fR] [\fB\-issuer\fR] [\fB\-nameopt option\fR] @@ -154,6 +155,7 @@ x509 \- Certificate display and signing utility [\fB\-enddate\fR] [\fB\-purpose\fR] [\fB\-dates\fR] +[\fB\-checkend num\fR] [\fB\-modulus\fR] [\fB\-pubkey\fR] [\fB\-fingerprint\fR] @@ -168,6 +170,7 @@ x509 \- Certificate display and signing utility [\fB\-days arg\fR] [\fB\-set_serial n\fR] [\fB\-signkey filename\fR] +[\fB\-passin arg\fR] [\fB\-x509toreq\fR] [\fB\-req\fR] [\fB\-CA filename\fR] @@ -175,6 +178,7 @@ x509 \- Certificate display and signing utility [\fB\-CAcreateserial\fR] [\fB\-CAserial filename\fR] [\fB\-text\fR] +[\fB\-certopt option\fR] [\fB\-C\fR] [\fB\-md2|\-md5|\-sha1|\-mdc2\fR] [\fB\-clrext\fR] @@ -262,6 +266,9 @@ name. .IP "\fB\-issuer_hash\fR" 4 .IX Item "-issuer_hash" outputs the \*(L"hash\*(R" of the certificate issuer name. +.IP "\fB\-ocspid\fR" 4 +.IX Item "-ocspid" +outputs the \s-1OCSP\s0 hash values for the subject name and public key. .IP "\fB\-hash\fR" 4 .IX Item "-hash" synonym for \*(L"\-subject_hash\*(R" for backward compatibility reasons. @@ -300,6 +307,10 @@ prints out the expiry date of the certificate, that is the notAfter date. .IP "\fB\-dates\fR" 4 .IX Item "-dates" prints out the start and expiry dates of a certificate. +.IP "\fB\-checkend arg\fR" 4 +.IX Item "-checkend arg" +checks if the certificate expires within the next \fBarg\fR seconds and exits +non-zero if yes it will expire or zero if not. .IP "\fB\-fingerprint\fR" 4 .IX Item "-fingerprint" prints out the digest of the \s-1DER\s0 encoded version of the whole certificate @@ -383,6 +394,10 @@ the \fB\-clrext\fR option is supplied. If the input is a certificate request then a self signed certificate is created using the supplied private key using the subject name in the request. +.IP "\fB\-passin arg\fR" 4 +.IX Item "-passin arg" +the key password source. For more information about the format of \fBarg\fR +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). .IP "\fB\-clrext\fR" 4 .IX Item "-clrext" delete any extensions from a certificate. This option is used when a @@ -512,8 +527,8 @@ present then multibyte characters larger than 0xff will be represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX for 32 bits. Also if this option is off any UTF8Strings will be converted to their character form first. -.IP "\fBno_type\fR" 4 -.IX Item "no_type" +.IP "\fBignore_type\fR" 4 +.IX Item "ignore_type" this option does not attempt to interpret multibyte characters in any way. That is their content octets are merely dumped as though one octet represents each character. This is useful for diagnostic purposes but diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1 index 6a24214..aeb0060 100644 --- a/secure/usr.bin/openssl/man/x509v3_config.1 +++ b/secure/usr.bin/openssl/man/x509v3_config.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 1" -.TH X509V3_CONFIG 1 "2014-06-05" "1.0.1h" "OpenSSL" +.TH X509V3_CONFIG 1 "2014-10-15" "1.0.1j" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -307,7 +307,7 @@ The \s-1IP\s0 address used in the \fB\s-1IP\s0\fR options can be in either IPv4 .PP The value of \fBdirName\fR should point to a section containing the distinguished name to use as a set of name value pairs. Multi values AVAs can be formed by -preceeding the name with a \fB+\fR character. +prefacing the name with a \fB+\fR character. .PP otherName can include arbitrary data associated with an \s-1OID:\s0 the value should be the \s-1OID\s0 followed by a semicolon and the content in standard diff --git a/secure/usr.bin/scp/Makefile b/secure/usr.bin/scp/Makefile index d58d855..1d77d4f 100644 --- a/secure/usr.bin/scp/Makefile +++ b/secure/usr.bin/scp/Makefile @@ -12,7 +12,7 @@ SRCS+= roaming_dummy.c .endif DPADD= ${LIBSSH} -LDADD= -lssh +LDADD= ${LDSSH} USEPRIVATELIB= ssh .if ${MK_LDNS} != "no" diff --git a/secure/usr.bin/sftp/Makefile b/secure/usr.bin/sftp/Makefile index bb1c325..96f9d04 100644 --- a/secure/usr.bin/sftp/Makefile +++ b/secure/usr.bin/sftp/Makefile @@ -12,7 +12,7 @@ SRCS+= roaming_dummy.c .endif DPADD= ${LIBSSH} ${LIBEDIT} ${LIBNCURSESW} -LDADD= -lssh -ledit -lncursesw +LDADD= ${LDSSH} -ledit -lncursesw USEPRIVATELIB= ssh .if ${MK_LDNS} != "no" diff --git a/secure/usr.bin/ssh-add/Makefile b/secure/usr.bin/ssh-add/Makefile index 97191ba..fe8739b 100644 --- a/secure/usr.bin/ssh-add/Makefile +++ b/secure/usr.bin/ssh-add/Makefile @@ -12,7 +12,7 @@ SRCS+= roaming_dummy.c .endif DPADD= ${LIBSSH} -LDADD= -lssh +LDADD= ${LDSSH} USEPRIVATELIB= ssh .if ${MK_LDNS} != "no" diff --git a/secure/usr.bin/ssh-agent/Makefile b/secure/usr.bin/ssh-agent/Makefile index b5db532..b5c98b7 100644 --- a/secure/usr.bin/ssh-agent/Makefile +++ b/secure/usr.bin/ssh-agent/Makefile @@ -12,7 +12,7 @@ SRCS+= roaming_dummy.c .endif DPADD= ${LIBSSH} -LDADD= -lssh +LDADD= ${LDSSH} USEPRIVATELIB= ssh .if ${MK_LDNS} != "no" diff --git a/secure/usr.bin/ssh-keygen/Makefile b/secure/usr.bin/ssh-keygen/Makefile index 45e4d16..62e3927 100644 --- a/secure/usr.bin/ssh-keygen/Makefile +++ b/secure/usr.bin/ssh-keygen/Makefile @@ -12,13 +12,13 @@ SRCS+= roaming_dummy.c .endif DPADD= ${LIBSSH} -LDADD= -lssh +LDADD= ${LDSSH} USEPRIVATELIB= ssh .if ${MK_LDNS} != "no" CFLAGS+= -DHAVE_LDNS=1 DPADD+= ${LIBLDNS} -LDADD+= -lldns +LDADD+= ${LDLDNS} USEPRIVATELIB+= ldns .endif diff --git a/secure/usr.bin/ssh-keyscan/Makefile b/secure/usr.bin/ssh-keyscan/Makefile index 298f52a..4465918 100644 --- a/secure/usr.bin/ssh-keyscan/Makefile +++ b/secure/usr.bin/ssh-keyscan/Makefile @@ -7,7 +7,7 @@ SRCS= ssh-keyscan.c roaming_dummy.c CFLAGS+=-I${SSHDIR} -include ssh_namespace.h DPADD= ${LIBSSH} -LDADD= -lssh +LDADD= ${LDSSH} USEPRIVATELIB= ssh .if ${MK_LDNS} != "no" diff --git a/secure/usr.bin/ssh/Makefile b/secure/usr.bin/ssh/Makefile index 89f9927..3c969cd 100644 --- a/secure/usr.bin/ssh/Makefile +++ b/secure/usr.bin/ssh/Makefile @@ -16,13 +16,13 @@ SRCS= ssh.c readconf.c clientloop.c sshtty.c \ SRCS+= gss-genr.c DPADD= ${LIBSSH} ${LIBUTIL} -LDADD= -lssh -lutil +LDADD= ${LDSSH} -lutil USEPRIVATELIB= ssh .if ${MK_LDNS} != "no" CFLAGS+= -DHAVE_LDNS=1 DPADD+= ${LIBLDNS} -LDADD+= -lldns +LDADD+= ${LDLDNS} USEPRIVATELIB+= ldns .endif diff --git a/secure/usr.sbin/sshd/Makefile b/secure/usr.sbin/sshd/Makefile index d487fe3..7215315 100644 --- a/secure/usr.sbin/sshd/Makefile +++ b/secure/usr.sbin/sshd/Makefile @@ -26,7 +26,7 @@ MAN= sshd.8 sshd_config.5 CFLAGS+=-I${SSHDIR} -include ssh_namespace.h DPADD= ${LIBSSH} ${LIBUTIL} ${LIBWRAP} ${LIBPAM} -LDADD= -lssh -lutil -lwrap ${MINUSLPAM} +LDADD= ${LDSSH} -lutil -lwrap ${MINUSLPAM} USEPRIVATELIB= ssh .if ${MK_LDNS} != "no" @@ -47,7 +47,7 @@ CFLAGS+= -include krb5_config.h DPADD+= ${LIBGSSAPI_KRB5} ${LIBGSSAPI} ${LIBKRB5} ${LIBHX509} ${LIBASN1} \ ${LIBCOM_ERR} ${LIBROKEN} ${LIBWIND} ${LIBHEIMBASE} ${LIBHEIMIPCC} LDADD+= -lgssapi_krb5 -lgssapi -lkrb5 -lhx509 -lasn1 \ - -lcom_err -lroken -lwind -lheimbase -lheimipcc + -lcom_err -lroken -lwind -lheimbase ${LDHEIMIPCC} .endif .if ${MK_OPENSSH_NONE_CIPHER} != "no" |
